LiveActive security incident?Get immediate response
CVE Record

CVE-2021-47712: Kentico Xperience <= 12.0.102 URL Hashing Cryptography Vulnerability

A cryptography vulnerability in Kentico Xperience allows attackers to potentially manipulate URL hash values through existing hashing mechanisms. The hotfix introduces an additional security layer to prevent hash value reuse and potential exploitation.

HighCVSS 7.5Not KEV-listedUpdated
Glexia's TakeAutomated analysishigh

Security readout for executives and security teams

Plain-English summary

Kentico Xperience sites at or below 12.0.102 may have a weakness in how URL hashes are protected. An unauthenticated network attacker could potentially reuse or manipulate hash values, creating confidentiality risk. The source bundle identifies a Kentico hotfix as the remediation path. No active exploitation is cited.

Executive priority

Treat as a high-priority patching issue for public Kentico Xperience sites. The main business concern is unauthorized access to protected information through weak URL hash protections. There is no cited evidence of active exploitation, but the vulnerability is remotely reachable and unauthenticated.

Technical view

CVE-2021-47712 is a cryptography vulnerability in Kentico Xperience URL hashing, mapped to CWE-327. CVSS 3.1 is 7.5: network-accessible, low complexity, no privileges, no user interaction, with high confidentiality impact. Vendor hotfixes reportedly add a security layer to prevent hash reuse and potential exploitation.

Likely exposure

Exposure is most likely for internet-facing Kentico Xperience deployments running version 12.0.102 or earlier. The provided affected-version metadata is incomplete, so teams should confirm exact product and hotfix levels against Kentico guidance.

Exploitation context

The sources describe potential manipulation or reuse of URL hash values through existing hashing mechanisms. The CVE is not listed as KEV in the provided bundle, and no cited source states active exploitation.

Researcher notes

Public detail is limited. Avoid assuming exploitability beyond the described URL hash manipulation and reuse risk. The affected-version field in the bundle is not useful, while the title identifies <=12.0.102. Use Kentico hotfix records as the authoritative remediation reference.

Mitigation direction

  • Identify Kentico Xperience deployments and their exact hotfix levels.
  • Apply the relevant Kentico hotfix from the vendor hotfix page.
  • Prioritize internet-facing Kentico instances before internal-only systems.
  • Review Kentico vendor guidance for any additional configuration requirements.

Validation and detection

  • Confirm deployed Kentico Xperience version and hotfix level.
  • Verify the environment is above 12.0.102 or otherwise vendor-remediated.
  • Check asset inventory for public Kentico Xperience exposure.
  • Document remediation status for each affected application.
Prepared
Confidence
medium
Sources
4

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cwe · low confidence lookup

CWE-327: Exact CWE lookup

Use the exact CWE identifier as the starting point before reviewing related ATT&CK behavior. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.

Open ATT&CK lookup
cve · low confidence lookup

CVE-2021-47712 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
High
CVSS
7.5 (3.1)
Known Exploited
No
Published

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

1CVSS vectors
0Timeline events
0ADP providers
3Source links

CVSS vector scores

1 official score

We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.

ScoreVersionSeverityVectorExploitImpactSource
7.5CVSS 3.1HighCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N3.93.6Primary CVE score

Vulnerability scoring details

Base CVSS 3.1 score

7.5High
CVSS 3.1 vector shape for CVE-2021-47712Attack VectorAttack ComplexityPrivileges RequiredUser InteractionScopeConfidentiality ImpactIntegrity ImpactAvailability Impact

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector
NetworkAdjacentLocalPhysical
Attack Complexity
LowHigh
Privileges Required
NoneLowHigh
User Interaction
NoneRequired
Scope
ChangedUnchanged
Confidentiality Impact
HighLowNone
Integrity Impact
HighLowNone
Availability Impact
HighLowNone

Source materials

Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
KenticoXperience0Listed
Weakness

CWE details

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.

CWE-327 · source CWE mapping

Use of a Broken or Risky Cryptographic Algorithm

Use of a Broken or Risky Cryptographic Algorithm represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.