Vulnerability in Ektron Ektron_content_management_system
CVE-2012-5358
The XSLTCompiledTransform function in Ektron Content Management System (CMS) before 8.02 SP5 configures the XSL with enableDocumentFunction set to true, which allows remote attackers to read arbitrary files and consequently bypass authenti…
EPSS: 0.006 (69.2th percentile)
CVSS v3 metric
CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.
Affected products
- Ektron Ektron_content_management_system
- N/a — versions n/a
Weakness classification (CWE)
Frequently asked questions
- What is CVE-2012-5358?
- CVE-2012-5358 is a critical-severity vulnerability in Ektron Ektron_content_management_system, classified under CWE-19. CVSS score: 9.8/10. Published 2017-10-30.
- How severe is CVE-2012-5358?
- Critical severity. CVSS v3 base score is 9.8 out of 10.