Vulnerability discovered in Sitefinity CMS

mnemonic discovers vulnerability affecting Sitefinity

Erlend Leiknes, Security Consultant at mnemonic, identified and disclosed the following vulnerability, which has been assigned CVE-2017-15883.


A cryptographic weakness was found in Sitefinity, allowing an attacker to bypass authentication.

Exploitation may lead to denial of service on load-balanced sites and/or elevation of backend user privileges.

Estimated CVSSv3 Base Score: 8.3 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C)

The vulnerability affects Sitefinity versions 5.1, 5.2, 5.3, 5.4, 6.x, 7.x, 8.x, 9.x and 10.x.

Official release notes and security advisory can be found at: