CVE-2011-4030

{"id": "CVE-2011-4030", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2011-10-10T10:55:06.957", "references": [{"url": "http://plone.org/products/plone-hotfix/releases/20110928", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://plone.org/products/plone-hotfix/releases/20110928/PloneHotfix20110928-1.0.zip", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://pypi.python.org/pypi/Products.PloneHotfix20110928/1.0", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/46323", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/50287", "source": "cve@mitre.org"}, {"url": "http://plone.org/products/plone-hotfix/releases/20110928", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://plone.org/products/plone-hotfix/releases/20110928/PloneHotfix20110928-1.0.zip", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://pypi.python.org/pypi/Products.PloneHotfix20110928/1.0", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/46323", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/50287", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "The CMFEditions component 2.x in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2 does not prevent the KwAsAttributes classes from being publishable, which allows remote attackers to access sub-objects via unspecified vectors, a different vulnerability than CVE-2011-3587."}, {"lang": "es", "value": "El componente CMFEditions v2.x en Plone v4.0.x hasta v4.0.9, v4.1, y v4.2 hasta v4.2a2 no previene clases KwAsAttributes publicables, lo que permite a atacantes remotos acceder a sub-objetos a trav\u00e9s de vectores no especificados, una vulnerabilidad diferente que CVE-2011-3587."}], "lastModified": "2024-11-21T01:31:43.533", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:plone:cmfeditions:2.0a1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1E94E45E-ADAC-4CD6-B7E9-3F7C4C501BEE"}, {"criteria": "cpe:2.3:a:plone:cmfeditions:2.0b1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AC31071B-BD99-490F-8B86-5441949AF65D"}, {"criteria": "cpe:2.3:a:plone:cmfeditions:2.0b2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "07243926-511B-4464-96BA-B5FF2829FB2C"}, {"criteria": "cpe:2.3:a:plone:cmfeditions:2.0b3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BBB08BCC-175E-4D97-B0E7-C5BA415DA45E"}, {"criteria": "cpe:2.3:a:plone:cmfeditions:2.0b4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DAA5BDE2-D9A7-4088-B32A-C10DFC931792"}, {"criteria": "cpe:2.3:a:plone:cmfeditions:2.0b5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "19166094-7736-4B98-A5E6-AD173ED4BC68"}, {"criteria": "cpe:2.3:a:plone:cmfeditions:2.0b6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "00E46DF5-093B-4194-90DE-EC156D9E308D"}, {"criteria": "cpe:2.3:a:plone:cmfeditions:2.0b7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4CF4166A-265D-4DB7-B629-C2C729EA8BAD"}, {"criteria": "cpe:2.3:a:plone:cmfeditions:2.0b8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6582FFEB-3F3A-4F4A-83A5-56DB5F66C1E1"}, {"criteria": "cpe:2.3:a:plone:cmfeditions:2.0b9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B05ADE03-C904-4923-8931-28B154A3D01A"}, {"criteria": "cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F3306D84-0F5B-46BA-9BCC-DCD0A1CDD604"}, {"criteria": "cpe:2.3:a:plone:plone:4.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E08F4534-A588-463F-A745-39E559AB1CB8"}, {"criteria": "cpe:2.3:a:plone:plone:4.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B64341BA-5722-415E-9771-9837168AB7C0"}, {"criteria": "cpe:2.3:a:plone:plone:4.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E2929227-AE19-428D-9AC3-D312A559039B"}, {"criteria": "cpe:2.3:a:plone:plone:4.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3B6DC866-0FEE-475B-855C-A69E004810CD"}, {"criteria": "cpe:2.3:a:plone:plone:4.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "50BF3E8E-152C-4E89-BAA2-A952D10F4611"}, {"criteria": "cpe:2.3:a:plone:plone:4.0.6.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "49DB97A7-89DD-43C0-A490-84AA7069764B"}, {"criteria": "cpe:2.3:a:plone:plone:4.0.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F1F88BF6-9058-4CB8-A2D6-5653860CF489"}, {"criteria": "cpe:2.3:a:plone:plone:4.0.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B2AA3FA2-15C3-444A-8810-5EF3E0E84D58"}, {"criteria": "cpe:2.3:a:plone:plone:4.0.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "72F3B15A-CD0F-4CC5-A76F-E62637B30E2E"}, {"criteria": "cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7C44B53B-953B-4522-A5B4-11573850D2CD"}, {"criteria": "cpe:2.3:a:plone:plone:4.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1F1818BB-E23A-4136-898D-1D0C80C08728"}, {"criteria": "cpe:2.3:a:plone:plone:4.2a1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3CA5A1E3-EC1E-482D-B074-1304FBF963F2"}, {"criteria": "cpe:2.3:a:plone:plone:4.2a2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1DE6064F-67CC-4DA5-A4A8-D9E1F701B1A5"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}