Lucene search

GitHub Advisory DatabaseGHSA-PQ3X-96C3-XGJG

HistoryJul 23, 2018 - 7:50 p.m.

Moderate severity vulnerability that affects Products.PlonePAS

2018-07-2319:50:29

CWE-287

GitHub Advisory Database

github.com

6 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

72.0%

JSON

The PlonePAS product 3.x before 3.9 and 3.2.x before 3.2.2, a product for Plone, does not properly handle the login form, which allows remote authenticated users to acquire the identity of an arbitrary user via unspecified vectors.

Affected configurations

Vulners

Node

products.plonepasRange<3.9

CPENameOperatorVersion
products.plonepaslt3.9

CPE	Name	Operator	Version
	products.plonepas	lt	3.9

References

osvdb.org/53975

plone.org/products/plone/security/advisories/cve-2009-0662

secunia.com/advisories/34840

www.securityfocus.com/bid/34664

exchange.xforce.ibmcloud.com/vulnerabilities/50061

github.com/advisories/GHSA-pq3x-96c3-xgjg

nvd.nist.gov/vuln/detail/CVE-2009-0662

6 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

72.0%

JSON

Related for GHSA-PQ3X-96C3-XGJG