A critical access control vulnerability in Progress Sitefinity allows unauthenticated attackers to gain full control over the confidentiality, integrity, and availability of the system.

This is an improper access control vulnerability within the web services layer, permitting an unauthenticated attacker to bypass authorization checks and access sensitive, restricted content.

This flaw allows for a total compromise of the affected Sitefinity installation, which can lead to data breaches, unauthorized modification of web content, and complete loss of system availability. With a CVSS score of 9.8, this represents an extreme risk to any organization relying on Sitefinity for external-facing web presence.

Immediate Action: Update Sitefinity to version 15.4.8630 or later to remediate the access control bypass.

Proactive Monitoring: Monitor web access logs for unauthorized attempts to access restricted directories or administrative endpoints.

Compensating Controls: Temporarily restrict access to web services via IP whitelisting or WAF rules if immediate patching is not feasible.

Public Exploit Available: false

The severity of this vulnerability necessitates an immediate update. Organizations should verify their current version against the affected range and apply the 15.4.8630 patch as a matter of urgency.