Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2013-4193

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2013-4193
Last Modified 11 Mar 2014 09:24:57
Published 11 Mar 2014 03:37:02
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2013-4193

Summary

typeswidget.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 does not properly enforce the immutable setting on unspecified content edit forms, which allows remote attackers to hide fields on the forms via a crafted URL.

Vulnerable Systems

Application

  • Plone 2.1

  • Plone 2.1.1

  • Plone 2.1.2

  • Plone 2.1.3

  • Plone 2.1.4

  • Plone 2.5

  • Plone 2.5.1

  • Plone 2.5.2

  • Plone 2.5.3

  • Plone 2.5.4

  • Plone 2.5.5

  • Plone 3.0

  • Plone 3.0.1

  • Plone 3.0.2

  • Plone 3.0.3

  • Plone 3.0.4

  • Plone 3.0.5

  • Plone 3.0.6

  • Plone 3.1

  • Plone 3.1.1

  • Plone 3.1.2

  • Plone 3.1.3

  • Plone 3.1.4

  • Plone 3.1.5.1

  • Plone 3.1.6

  • Plone 3.1.7

  • Plone 3.2

  • Plone 3.2.1

  • Plone 3.2.2

  • Plone 3.2.3

  • Plone 3.3

  • Plone 3.3.1

  • Plone 3.3.2

  • Plone 3.3.3

  • Plone 3.3.4

  • Plone 3.3.5

  • Plone 4.0

  • Plone 4.0.1

  • Plone 4.0.2

  • Plone 4.0.3

  • Plone 4.0.4

  • Plone 4.0.5

  • Plone 4.0.6.1

  • Plone 4.1

  • Plone 4.2

  • Plone 4.2.1

  • Plone 4.2.2

  • Plone 4.2.3

  • Plone 4.2.4

  • Plone 4.2.5

  • Plone 4.3

  • Plone 4.3.1


References

CONFIRM - http://plone.org/products/plone-hotfix/releases/20130618

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=978469

MLIST - [oss-security] 20130801 Re: CVE Request -- Plone: 20130618 Hotfix (multiple vectors)

CONFIRM - http://plone.org/products/plone/security/advisories/20130618-announcement


Last Updated: 27 May 2016 11:04:35