CVE Vulnerabilities

CVE-2011-4030

Published: Oct 10, 2011 | Modified: Oct 30, 2011
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
9.3 HIGH
AV:N/AC:M/Au:N/C:C/I:C/A:C
RedHat/V2
4.3 LOW
AV:N/AC:M/Au:N/C:P/I:N/A:N
RedHat/V3
Ubuntu

The CMFEditions component 2.x in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2 does not prevent the KwAsAttributes classes from being publishable, which allows remote attackers to access sub-objects via unspecified vectors, a different vulnerability than CVE-2011-3587.

Affected Software

Name Vendor Start Version End Version
Cmfeditions Plone 2.0a1 (including) 2.0a1 (including)
Cmfeditions Plone 2.0b1 (including) 2.0b1 (including)
Cmfeditions Plone 2.0b2 (including) 2.0b2 (including)
Cmfeditions Plone 2.0b3 (including) 2.0b3 (including)
Cmfeditions Plone 2.0b4 (including) 2.0b4 (including)
Cmfeditions Plone 2.0b5 (including) 2.0b5 (including)
Cmfeditions Plone 2.0b6 (including) 2.0b6 (including)
Cmfeditions Plone 2.0b7 (including) 2.0b7 (including)
Cmfeditions Plone 2.0b8 (including) 2.0b8 (including)
Cmfeditions Plone 2.0b9 (including) 2.0b9 (including)
Plone Plone 4.0 (including) 4.0 (including)
Plone Plone 4.0.1 (including) 4.0.1 (including)
Plone Plone 4.0.2 (including) 4.0.2 (including)
Plone Plone 4.0.3 (including) 4.0.3 (including)
Plone Plone 4.0.4 (including) 4.0.4 (including)
Plone Plone 4.0.5 (including) 4.0.5 (including)
Plone Plone 4.0.6.1 (including) 4.0.6.1 (including)
Plone Plone 4.0.7 (including) 4.0.7 (including)
Plone Plone 4.0.8 (including) 4.0.8 (including)
Plone Plone 4.0.9 (including) 4.0.9 (including)
Plone Plone 4.1 (including) 4.1 (including)
Plone Plone 4.2 (including) 4.2 (including)
Plone Plone 4.2a1 (including) 4.2a1 (including)
Plone Plone 4.2a2 (including) 4.2a2 (including)

References