Sitecore web service information disclosure
National Australia Bank's Security Assurance Team.
The vendor was advised of this vulnerability prior to its public release. National Australia Bank adheres to the =93Guidelines for Security Vulnerability Reporting and Response V2.0=94 document when issuing security advisories.
Sitecore.NET 5.3.1 (rev. 071114) =96 other versions may also be vulnerable.
National Australia Bank's Security Assurance Team have identified a vulnerability in the Visual Sitecore Service, part of the Sitecore CMS application, that allows low privileged users to gain access to administrative and other users=92 credentials.
No exploit code provided. Simple SOAP/XML queries are all that is required.
Apply patch V5.3.2 rev. 090212
Vendor Advisory http://sdn5.sitecore.net/Products/Sitecore%20V5/Sitecore%20CMS%205,-d-,3/ReleaseNotes/V5,-d-,3,-d-,2/ChangeLog.aspx