Description
The CMFEditions component 2.x in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2 does not prevent the KwAsAttributes classes from being publishable, which allows remote attackers to access sub-objects via unspecified vectors, a different vulnerability than CVE-2011-3587.
Remediation
References
Related Vulnerabilities
Oracle Application Server Other Vulnerability (CVE-2007-3862)
WordPress Plugin Arigato Autoresponder and Newsletter Remote Code Execution (2.5.1.9)
Oracle JRE CVE-2014-2427 Vulnerability (CVE-2014-2427)
Oracle Database Server Other Vulnerability (CVE-2007-0269)
WordPress Plugin Super Refer A Friend Information Disclosure (1.0)