Jens Nygård
Jan 10, 2012
  16634
(2 votes)

Security vulnerability - Elevation of privilege

A security vulnerability has been detected which allows elevation of privilege for a user that has access to Edit mode in EPiServer CMS 5 and CMS 6. In practice this means that someone with editorial privileges could take ownership of the “WebAdmins” account.

Websites based on EPiServer CMS 5 and 6 using Forms Authentication with a Membership provider that supports updating are affected by this security vulnerability. Websites using Windows Authentication or Forms Authentication with Windows Membership provider are not affected.

We recommend our partners to contact EPiServer Developer Support to obtain a hotfix for the CMS specific security concerns.

The above shares some characteristics with the vulnerability previously reported by Microsoft, but should not be mistaken as the same. For more information see Microsoft Security Bulletin MS11-100

Jan 10, 2012

Comments

Magnus Rahl
Magnus Rahl Jan 10, 2012 06:55 PM

I assume this includes CMS 6 R2?

Lars Bodahl
Lars Bodahl Jan 10, 2012 10:44 PM

All CMS 5 and 6 versions. You get a hotfix from support :)

erik.engstrand@precio.se
erik.engstrand@precio.se Jan 11, 2012 09:05 AM

Thanx

Please login to comment.
Latest blogs
Create a multi-site aware custom search provider using Search & Navigation

In a multisite setup using Optimizely CMS, searching for pages can be confusing. The default CMS search regardless of search provider does not...

dada | Jun 12, 2025

Tunning Application Insights telemetry filtering in Optimizely

Application Insights is a cloud-based service designed to monitor web applications, providing insights into performance, errors, and user behavior,...

Stanisław Szołkowski | Jun 12, 2025 |

JavaScript SDK v6: Lightest, Most Efficient SDK Yet

Need a faster site and less frontend bloat? JavaScript SDK v6 is here —and it’s the lightest, smartest SDK we’ve ever released for Optimizely Featu...

Sarah Ager | Jun 11, 2025

Boosting Indexing Efficiency: Reindex Pages Directly from Optimizely’s Navigation Pane

There can be various reasons why you might want to trigger indexing or reindexing of a page/node directly from the navigation pane. In my case, we...

Praful Jangid | Jun 11, 2025