Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-1031

Overview

Vulnerability Score 6.0 6.0
CVE Id CVE-2012-1031
Last Modified 13 Feb 2012 11:11:16
Published 07 Feb 2012 11:11:32
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2012-1031

Summary

Unspecified vulnerability in EPiServer CMS 5 and 6 through 6R2, in certain configurations using Forms Authentication, allows remote authenticated users to obtain WebAdmins access by leveraging Edit Mode privileges, a different vulnerability than CVE-2011-3416 and CVE-2011-3417.

Vulnerable Systems

Application

  • Episerver Cms 5.1.422.122

  • Episerver Cms 5.1.422.256

  • Episerver Cms 5.1.422.267

  • Episerver Cms 5.1.422.4

  • Episerver Cms 5.2.375.133

  • Episerver Cms 5.2.375.236

  • Episerver Cms 5.2.375.7

  • Episerver Cms 6.0.530.0

  • Episerver Cms 6.1.379.0


References

CONFIRM - http://world.episerver.com/Blogs/Shahid-Nawaz/Dates/2012/1/General-Hotfix-CMS-6-R2/

CONFIRM - http://world.episerver.com/Blogs/Jens-N/Dates/2012/1/Security-vulnerability---Elevation-of-privilege/

SECUNIA - 47910

BID - 51877


Last Updated: 27 May 2016 10:56:28