London Dev Meetup Rescheduled! Due to unavoidable reasons, the event has been moved to 21st May. Speakers remain the same—any changes will be communicated. Seats are limited—register here to secure your spot!

Jens Nygård
Jan 10, 2012
  16418
(2 votes)

Security vulnerability - Elevation of privilege

A security vulnerability has been detected which allows elevation of privilege for a user that has access to Edit mode in EPiServer CMS 5 and CMS 6. In practice this means that someone with editorial privileges could take ownership of the “WebAdmins” account.

Websites based on EPiServer CMS 5 and 6 using Forms Authentication with a Membership provider that supports updating are affected by this security vulnerability. Websites using Windows Authentication or Forms Authentication with Windows Membership provider are not affected.

We recommend our partners to contact EPiServer Developer Support to obtain a hotfix for the CMS specific security concerns.

The above shares some characteristics with the vulnerability previously reported by Microsoft, but should not be mistaken as the same. For more information see Microsoft Security Bulletin MS11-100

Jan 10, 2012

Comments

Magnus Rahl
Magnus Rahl Jan 10, 2012 06:55 PM

I assume this includes CMS 6 R2?

Lars Bodahl
Lars Bodahl Jan 10, 2012 10:44 PM

All CMS 5 and 6 versions. You get a hotfix from support :)

erik.engstrand@precio.se
erik.engstrand@precio.se Jan 11, 2012 09:05 AM

Thanx

Please login to comment.
Latest blogs
Routing to a page in SaaS CMS

More early findings from using a SaaS CMS instance; setting up Graph queries that works for both visitor pageviews and editor previews.

Johan Kronberg | Apr 14, 2025 |

Developer Meetup - London, 24th April 2025

Next Thursday, 24th April will be Candyspace 's first Optimizely Developer Meetup, and the first one held in London this year! We've have some...

Gavin_M | Apr 14, 2025

Successful Digitalization for SMEs: How Optimizely One can Revolutionize Your Business Processes

"Achieve digital excellence with Optimizely One: Boost efficiency, delight customers, secure growth." In today's digital world, it's crucial for...

Frank Hohmeyer | Apr 11, 2025

Personalized Optimizely CMS Website Search Experiences Azure AI Search & Personalizer

In the last blog, we discussed Integrating the Optimizely CMS website with Azure AI search. Now let’s take a bit more advanced topic to serve...

Naveed Ul-Haq | Apr 10, 2025 |