CVE-2011-4030

The CMFEditions component 2.x in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2 does not prevent the KwAsAttributes classes from being publishable, which allows remote attackers to access sub-objects via unspecified vectors, a different vulnerability than CVE-2011-3587.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:C/I:C/A:C
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 76%
VendorProductVersion
plonecmfeditions
2.0a1:a1
plonecmfeditions
2.0b1:b1
plonecmfeditions
2.0b2:b2
plonecmfeditions
2.0b3:b3
plonecmfeditions
2.0b4:b4
plonecmfeditions
2.0b5:b5
plonecmfeditions
2.0b6:b6
plonecmfeditions
2.0b7:b7
plonecmfeditions
2.0b8:b8
plonecmfeditions
2.0b9:b9
ploneplone
4.0
ploneplone
4.0.1
ploneplone
4.0.2
ploneplone
4.0.3
ploneplone
4.0.4
ploneplone
4.0.5
ploneplone
4.0.6.1
ploneplone
4.0.7
ploneplone
4.0.8
ploneplone
4.0.9
ploneplone
4.1
ploneplone
4.2
ploneplone
4.2a1:a1
ploneplone
4.2a2:a2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://plone.org/products/plone-hotfix/releases/20110928
http://plone.org/products/plone-hotfix/releases/20110928/PloneHotfix20110928-1.0.zip
http://pypi.python.org/pypi/Products.PloneHotfix20110928/1.0
http://secunia.com/advisories/46323
http://www.securityfocus.com/bid/50287
http://plone.org/products/plone-hotfix/releases/20110928
http://plone.org/products/plone-hotfix/releases/20110928/PloneHotfix20110928-1.0.zip
http://pypi.python.org/pypi/Products.PloneHotfix20110928/1.0
http://secunia.com/advisories/46323
http://www.securityfocus.com/bid/50287