IMPORTANT: February 2015. Security Update 3 is available for this version of Ektron. See Security update 6 (Releases 8.02 SP5 to 9.20).
Released: October 26, 2012
Issues resolved for version 8.02 SP5
- 62213, 62214, 61724, 61169, 63465. Security issues with XSL transformations. Details below.
Microsoft Vulnerability Research (MSVR) has announced an advisory for the Ektron Web Content Management System (CMS). MSVR discovered the two vulnerabilities (CVE-2012-5357 and CVE-2012-5358), reported the issues to Ektron, and worked with their development team to ensure that the issues were resolved. The first vulnerability deals with improperly sanitized user data that could potentially result in the execution of arbitrary code. The second issue could allow an attacker to bypass authentication if properly exploited. Customers who have Ektron's CMS deployed are advised to review the advisory and apply the patches as soon as possible.