Take the community feedback survey now.

AI OnAI Off
Jens Nygård
Jens Nygård
Jan 10, 2012
  17019
(2 votes)

Security vulnerability - Elevation of privilege

A security vulnerability has been detected which allows elevation of privilege for a user that has access to Edit mode in EPiServer CMS 5 and CMS 6. In practice this means that someone with editorial privileges could take ownership of the “WebAdmins” account.

Websites based on EPiServer CMS 5 and 6 using Forms Authentication with a Membership provider that supports updating are affected by this security vulnerability. Websites using Windows Authentication or Forms Authentication with Windows Membership provider are not affected.

We recommend our partners to contact EPiServer Developer Support to obtain a hotfix for the CMS specific security concerns.

The above shares some characteristics with the vulnerability previously reported by Microsoft, but should not be mistaken as the same. For more information see Microsoft Security Bulletin MS11-100

Jan 10, 2012

Comments

Magnus Rahl
Magnus Rahl Jan 10, 2012 06:55 PM

I assume this includes CMS 6 R2?

Lars Bodahl
Lars Bodahl Jan 10, 2012 10:44 PM

All CMS 5 and 6 versions. You get a hotfix from support :)

erik.engstrand@precio.se
erik.engstrand@precio.se Jan 11, 2012 09:05 AM

Thanx

Please login to comment.
Latest blogs
Content modeling for beginners

  Introduction Learning by Doing – Optimizely Build Series  is a YouTube series where I am building  a fictional  website called  TasteTrail , food...

Ratish | Sep 14, 2025 |

A day in the life of an Optimizely OMVP - Enhancing Search Relevance with Optimizely Graph: Synonyms and Pinned Results

When building search experiences for modern digital platforms, relevance is everything. Users expect search to understand their intent, even when...

Graham Carr | Sep 14, 2025

Optimizely CMS and HTML validation message: Trailing slash on void elements has no effect and interacts badly with unquoted attribute values.

When using the W3C Markup Validation Service, some annoying information messages pop up because Optimizely CMS adds the trailing slash to...

Tomas Hensrud Gulla | Sep 14, 2025 |

Turbocharge your strings - a case of display channels

When doing a routine performance test, during a CMS 12 upgrade, I was able to achieve 95% performance improvement. Let's look at SearchValues with ...

Stefan Holm Olsen | Sep 14, 2025 |

See all blogs