GoogleOSV:GHSA-7944-H5RW-QMJXZCatalog plug-in for Zope allows anonymous users to bypass access restrictions
7.1 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.004 Low
EPSS
Percentile
73.1%
ZCatalog plug-in index support capability for Zope 2.4.0 through 2.5.1 allows anonymous users and untrusted code to bypass access restrictions and call arbitrary methods of catalog indexes.
References
nvd.nist.gov/vuln/detail/CVE-2002-0688
web.archive.org/web/20020810160608/www.zope.org/Products/Zope/Hotfix_2002-06-14/security_alert
web.archive.org/web/20020822025750/www.iss.net/security_center/static/9610.php
web.archive.org/web/20021206023914/rhn.redhat.com/errata/RHSA-2002-060.html
web.archive.org/web/20021223212650/online.securityfocus.com/bid/5812
web.archive.org/web/20070430090648/www.debian.org/security/2004/dsa-490
Related
7.1 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.004 Low
EPSS
Percentile
73.1%