AI OnAI Off
Jens Nygård
Jens Nygård
Jan 10, 2012
  17725
(2 votes)

Security vulnerability - Elevation of privilege

A security vulnerability has been detected which allows elevation of privilege for a user that has access to Edit mode in EPiServer CMS 5 and CMS 6. In practice this means that someone with editorial privileges could take ownership of the “WebAdmins” account.

Websites based on EPiServer CMS 5 and 6 using Forms Authentication with a Membership provider that supports updating are affected by this security vulnerability. Websites using Windows Authentication or Forms Authentication with Windows Membership provider are not affected.

We recommend our partners to contact EPiServer Developer Support to obtain a hotfix for the CMS specific security concerns.

The above shares some characteristics with the vulnerability previously reported by Microsoft, but should not be mistaken as the same. For more information see Microsoft Security Bulletin MS11-100

Jan 10, 2012

Comments

Magnus Rahl
Magnus Rahl Jan 10, 2012 06:55 PM

I assume this includes CMS 6 R2?

Lars Bodahl
Lars Bodahl Jan 10, 2012 10:44 PM

All CMS 5 and 6 versions. You get a hotfix from support :)

erik.engstrand@precio.se
erik.engstrand@precio.se Jan 11, 2012 09:05 AM

Thanx

Please login to comment.
Latest blogs
AEO/GEO: A practical guide

Search changed. People ask AI tools. AI answers. Your content must be understandable, citable, and accessible to both humans and machines. That’s...

Naveed Ul-Haq | Feb 17, 2026 |

We Cloned Our Best Analyst with AI: How Our Opal Hackathon Grand Prize Winner is Changing Experimentation

Every experimentation team knows the feeling. You have a backlog of experiment ideas, but progress is bottlenecked by one critical team member, the...

Polly Walton | Feb 16, 2026

Architecting AI in Optimizely CMS: When to Use Opal vs Custom Integration

AI is rapidly becoming a core capability in modern digital experience platforms. As developers working with Optimizely CMS 12 (.NET Core), the real...

Keshav Dave | Feb 15, 2026

Reducing Web Experimentation MAU Using the REST API

Overview Optimizely Web Experimentation counts an MAU based upon the script snippet rendering for evauluation of web experiement. Therefore when yo...

Scott Reed | Feb 13, 2026

See all blogs