CVE-2023-29375

An issue was discovered in Progress Sitefinity 13.3 before 13.3.7647, 14.0 before 14.0.7736, 14.1 before 14.1.7826, 14.2 before 14.2.7930, and 14.3 before 14.3.8025. There is potentially dangerous file upload through the SharePoint connector.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
CISA-ADPADP
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 80%
VendorProductVersion
progresssitefinity
13.3 ≤
𝑥
< 13.3.7646
progresssitefinity
14.0 ≤
𝑥
< 14.0.7736
progresssitefinity
14.1 ≤
𝑥
< 14.1.7826
progresssitefinity
14.2 ≤
𝑥
< 14.2.7930
progresssitefinity
14.3 ≤
𝑥
< 14.3.8026
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://community.progress.com/s/article/Sitefinity-Security-Advisory-for-Addressing-Security-Vulnerabilities-April-2023
https://www.progress.com/sitefinity-cms
https://community.progress.com/s/article/Sitefinity-Security-Advisory-for-Addressing-Security-Vulnerabilities-April-2023
https://www.progress.com/sitefinity-cms