Lucene search
GitHub Advisory DatabaseGHSA-PQ3X-96C3-XGJGHistoryJul 23, 2018 - 7:50 p.m.
Moderate severity vulnerability that affects Products.PlonePAS
2018-07-2319:50:29
CWE-287
GitHub Advisory Database
github.com
13
CVSS2
6
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P
EPSS
0.004
Percentile
72.0%
The PlonePAS product 3.x before 3.9 and 3.2.x before 3.2.2, a product for Plone, does not properly handle the login form, which allows remote authenticated users to acquire the identity of an arbitrary user via unspecified vectors.
Affected configurations
Node
products.plonepasRange3–3.9
| Vendor | Product | Version | CPE |
|---|---|---|---|
| * | products.plonepas | * | cpe:2.3:a:*:products.plonepas:*:*:*:*:*:*:*:* |
Related
ubuntucve
ubuntucve
CVE-2009-0662
2009-04-23 00:00:00
cve
cve
CVE-2009-0662
2009-04-23 17:30:01
osv
osv
Moderate severity vulnerability that affects Products.PlonePAS
2018-07-23 19:50:29
cvelist
cvelist
CVE-2009-0662
2009-04-23 17:00:00
prion
prion
Design/Logic Flaw
2009-04-23 17:30:00
nvd
nvd
CVE-2009-0662
2009-04-23 17:30:01
CVSS2
6
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P
EPSS
0.004
Percentile
72.0%
Related for GHSA-PQ3X-96C3-XGJG