CVE-2012-2315

Name of the Vulnerable Software and Affected Versions OpenKM versions prior to 5.1.8-2

Description The issue concerns the improper enforcement of privileges for changing user roles. This allows remote authenticated users to assign administrator privileges to arbitrary users via the "userEdit" action.

Recommendations For versions prior to 5.1.8-2, update to version 5.1.8-2 or later to resolve the issue. As a temporary workaround, consider restricting access to the userEdit action to prevent unauthorized assignment of administrator privileges.