Authentication flaw

2012-02-0804:11:00

PRIOn knowledge base

www.prio-n.com

6.2 Medium

AI Score

Confidence

Low

6 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

70.7%

JSON

Unspecified vulnerability in EPiServer CMS 5 and 6 through 6R2, in certain configurations using Forms Authentication, allows remote authenticated users to obtain WebAdmins access by leveraging Edit Mode privileges, a different vulnerability than CVE-2011-3416 and CVE-2011-3417.

CPENameOperatorVersion
episerver_cmseq5.2.375.133
episerver_cmseq5.1.422.4
episerver_cmseq5.1.422.122
episerver_cmseq6.1.379.0
episerver_cmseq5.2.375.7
episerver_cmseq5.2.375.236
episerver_cmseq6.0.530.0
episerver_cmseq5.1.422.256
episerver_cmseq5.1.422.267

Name	Operator	Version
episerver_cms	eq	5.2.375.133
episerver_cms	eq	5.1.422.4
episerver_cms	eq	5.1.422.122
episerver_cms	eq	6.1.379.0
episerver_cms	eq	5.2.375.7
episerver_cms	eq	5.2.375.236
episerver_cms	eq	6.0.530.0
episerver_cms	eq	5.1.422.256
episerver_cms	eq	5.1.422.267