Try our conversational search powered by Generative AI!

AI OnAI Off
Jens Nygård
Jens Nygård
Jan 10, 2012
  14433
(2 votes)

Security vulnerability - Elevation of privilege

A security vulnerability has been detected which allows elevation of privilege for a user that has access to Edit mode in EPiServer CMS 5 and CMS 6. In practice this means that someone with editorial privileges could take ownership of the “WebAdmins” account.

Websites based on EPiServer CMS 5 and 6 using Forms Authentication with a Membership provider that supports updating are affected by this security vulnerability. Websites using Windows Authentication or Forms Authentication with Windows Membership provider are not affected.

We recommend our partners to contact EPiServer Developer Support to obtain a hotfix for the CMS specific security concerns.

The above shares some characteristics with the vulnerability previously reported by Microsoft, but should not be mistaken as the same. For more information see Microsoft Security Bulletin MS11-100

Jan 10, 2012

Comments

Magnus Rahl
Magnus Rahl Jan 10, 2012 06:55 PM

I assume this includes CMS 6 R2?

Lars Bodahl
Lars Bodahl Jan 10, 2012 10:44 PM

All CMS 5 and 6 versions. You get a hotfix from support :)

erik.engstrand@precio.se
erik.engstrand@precio.se Jan 11, 2012 09:05 AM

Thanx

Please login to comment.
Latest blogs
Optimizely and the never-ending story of the missing globe!

I've worked with Optimizely CMS for 14 years, and there are two things I'm obsessed with: Link validation and the globe that keeps disappearing on...

Tomas Hensrud Gulla | Apr 18, 2024 | Syndicated blog

Visitor Groups Usage Report For Optimizely CMS 12

This add-on offers detailed information on how visitor groups are used and how effective they are within Optimizely CMS. Editors can monitor and...

Adnan Zameer | Apr 18, 2024 | Syndicated blog

Azure AI Language – Abstractive Summarisation in Optimizely CMS

In this article, I show how the abstraction summarisation feature provided by the Azure AI Language platform, can be used within Optimizely CMS to...

Anil Patel | Apr 18, 2024 | Syndicated blog

Fix your Search & Navigation (Find) indexing job, please

Once upon a time, a colleague asked me to look into a customer database with weird spikes in database log usage. (You might start to wonder why I a...

Quan Mai | Apr 17, 2024 | Syndicated blog

See all blogs