[Forgot Password]
Login  Register Subscribe

30430

 
 

423868

 
 

247621

 
 

909

 
 

194512

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2011-4030Date: (C)2011-10-10   (M)2023-12-22


The CMFEditions component 2.x in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2 does not prevent the KwAsAttributes classes from being publishable, which allows remote attackers to access sub-objects via unspecified vectors, a different vulnerability than CVE-2011-3587.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 9.3
Exploit Score: 8.6
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
SECUNIA-46323
BID-50287
http://plone.org/products/plone-hotfix/releases/20110928
http://plone.org/products/plone-hotfix/releases/20110928/PloneHotfix20110928-1.0.zip
http://pypi.python.org/pypi/Products.PloneHotfix20110928/1.0

CPE    9
cpe:/a:plone:plone:4.0.3
cpe:/a:plone:plone:4.0.2
cpe:/a:plone:plone:4.0.5
cpe:/a:plone:plone:4.0.4
...
CWE    1
CWE-264

© SecPod Technologies