Description

The CMFEditions component 2.x in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2 does not prevent the KwAsAttributes classes from being publishable, which allows remote attackers to access sub-objects via unspecified vectors, a different vulnerability than CVE-2011-3587.

Remediation

References

CVE-2011-4030

Related Vulnerabilities

Oracle Database Server CVE-2020-2516 Vulnerability (CVE-2020-2516)

WordPress Plugin Import and export users and customers CSV Injection (1.16.3.5)

Jboss EAP Deserialization of Untrusted Data Vulnerability (CVE-2017-17485)

WordPress Plugin link-list-manager Cross-Site Scripting (1.0)

Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-3548)

Severity

Critical

Classification

CVE-2011-4030 CWE-264

Tags

Missing Update Known Vulnerabilities