CVE-2012-5358

Name of the Vulnerable Software and Affected Versions: Ektron Content Management System (CMS) versions prior to 8.02 SP5

Description: The issue allows remote attackers to read arbitrary files and consequently bypass authentication, modify viewstate, cause a denial of service, or possibly have unspecified other impact via crafted XSL data. This is due to the XSLTCompiledTransform function configuring the XSL with enableDocumentFunction set to true.

Recommendations: For versions prior to 8.02 SP5, update to version 8.02 SP5 or later to resolve the issue. As a temporary workaround, consider disabling the XSLTCompiledTransform function until a patch is available. Restrict access to sensitive files and directories to minimize the risk of exploitation.