WEB APPLICATION VULNERABILITIES Standard & Premium

Plone CMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-4030)

Description

The CMFEditions component 2.x in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2 does not prevent the KwAsAttributes classes from being publishable, which allows remote attackers to access sub-objects via unspecified vectors, a different vulnerability than CVE-2011-3587.

Remediation

References

Related Vulnerabilities

Oracle Application Server Other Vulnerability (CVE-2007-3862)

WordPress Plugin Arigato Autoresponder and Newsletter Remote Code Execution (2.5.1.9)

Oracle JRE CVE-2014-2427 Vulnerability (CVE-2014-2427)

Oracle Database Server Other Vulnerability (CVE-2007-0269)

WordPress Plugin Super Refer A Friend Information Disclosure (1.0)

Severity

Critical

Classification

CVE-2011-4030 CWE-264

Tags

Missing Update Known Vulnerabilities