Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-4030

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2011-4030
Last Modified 29 Oct 2011 11:39:15
Published 10 Oct 2011 06:55:06
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-4030

Summary

The CMFEditions component 2.x in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2 does not prevent the KwAsAttributes classes from being publishable, which allows remote attackers to access sub-objects via unspecified vectors, a different vulnerability than CVE-2011-3587.

Vulnerable Systems

Application

  • Plone 4.0

  • Plone 4.0.1

  • Plone 4.0.2

  • Plone 4.0.3

  • Plone 4.0.4

  • Plone 4.0.5

  • Plone 4.0.6.1

  • Plone 4.0.7

  • Plone 4.0.8

  • Plone 4.0.9

  • Plone 4.1

  • Plone 4.2

  • Plone 4.2a1

  • Plone 4.2a2

  • Plone Cmfeditions 2.0a1

  • Plone Cmfeditions 2.0b1

  • Plone Cmfeditions 2.0b2

  • Plone Cmfeditions 2.0b3

  • Plone Cmfeditions 2.0b4

  • Plone Cmfeditions 2.0b5

  • Plone Cmfeditions 2.0b6

  • Plone Cmfeditions 2.0b7

  • Plone Cmfeditions 2.0b8

  • Plone Cmfeditions 2.0b9


References

CONFIRM - http://pypi.python.org/pypi/Products.PloneHotfix20110928/1.0

CONFIRM - http://plone.org/products/plone-hotfix/releases/20110928/PloneHotfix20110928-1.0.zip

CONFIRM - http://plone.org/products/plone-hotfix/releases/20110928

BID - 50287

SECUNIA - 46323


Last Updated: 27 May 2016 10:57:48