Jens Nygård
Jan 10, 2012
  12597
(2 votes)

Security vulnerability - Elevation of privilege

A security vulnerability has been detected which allows elevation of privilege for a user that has access to Edit mode in EPiServer CMS 5 and CMS 6. In practice this means that someone with editorial privileges could take ownership of the “WebAdmins” account.

Websites based on EPiServer CMS 5 and 6 using Forms Authentication with a Membership provider that supports updating are affected by this security vulnerability. Websites using Windows Authentication or Forms Authentication with Windows Membership provider are not affected.

We recommend our partners to contact EPiServer Developer Support to obtain a hotfix for the CMS specific security concerns.

The above shares some characteristics with the vulnerability previously reported by Microsoft, but should not be mistaken as the same. For more information see Microsoft Security Bulletin MS11-100

Jan 10, 2012

Comments

Magnus Rahl
Magnus Rahl Jan 10, 2012 06:55 PM

I assume this includes CMS 6 R2?

Lars Bodahl
Lars Bodahl Jan 10, 2012 10:44 PM

All CMS 5 and 6 versions. You get a hotfix from support :)

erik.engstrand@precio.se
erik.engstrand@precio.se Jan 11, 2012 09:05 AM

Thanx

Please login to comment.
Latest blogs
Implementing EmbeddedLocalization in Optimizely CMS 12

My previous post on translation (Translating Optimizely CMS 12 UI components) gives an overview of how to implement the FileXmlLocalizationProvider...

Eric Herlitz | Jan 27, 2023 | Syndicated blog

Breaking changes in EPiServer.CMS.TinyMce 4.0.0

After upgrading to the latest version of EPiServer.CMS.TinyMce, the dropdown with formats disappears. Learn how to get it back!

Tomas Hensrud Gulla | Jan 27, 2023 | Syndicated blog

Translating Optimizely CMS 12 UI components

Optimizely CMS 12 have been out for a while now, but still some elements haven't been properly translated resulting in a GUI defaulting to english....

Eric Herlitz | Jan 26, 2023 | Syndicated blog

Image preview in Optimizely CMS12 all properties view

With these simple steps, you can now see an Image and its Metadata, including size and dimensions, when editing an Image property in Optimizely...

Tomas Hensrud Gulla | Jan 26, 2023 | Syndicated blog