CVE Vulnerabilities

CVE-2011-4030

Published: Oct 10, 2011 | Modified: Oct 30, 2011
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
9.3 HIGH
AV:N/AC:M/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

The CMFEditions component 2.x in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2 does not prevent the KwAsAttributes classes from being publishable, which allows remote attackers to access sub-objects via unspecified vectors, a different vulnerability than CVE-2011-3587.

Affected Software

Name Vendor Start Version End Version
Plone Plone 4.2a1 4.2a1
Cmfeditions Plone 2.0b6 2.0b6
Plone Plone 4.0.5 4.0.5
Plone Plone 4.0.2 4.0.2
Cmfeditions Plone 2.0b5 2.0b5
Plone Plone 4.0.8 4.0.8
Plone Plone 4.0.7 4.0.7
Plone Plone 4.0.4 4.0.4
Cmfeditions Plone 2.0b3 2.0b3
Plone Plone 4.0.9 4.0.9
Cmfeditions Plone 2.0b8 2.0b8
Plone Plone 4.1 4.1
Cmfeditions Plone 2.0b2 2.0b2
Plone Plone 4.0 4.0
Cmfeditions Plone 2.0b7 2.0b7
Plone Plone 4.0.6.1 4.0.6.1
Cmfeditions Plone 2.0a1 2.0a1
Plone Plone 4.0.1 4.0.1
Cmfeditions Plone 2.0b9 2.0b9
Cmfeditions Plone 2.0b1 2.0b1
Plone Plone 4.0.3 4.0.3
Plone Plone 4.2a2 4.2a2
Cmfeditions Plone 2.0b4 2.0b4
Plone Plone 4.2 4.2

References