CVE-2011-4030

The CMFEditions component 2.x in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2 does not prevent the KwAsAttributes classes from being publishable, which allows remote attackers to access sub-objects via unspecified vectors, a different vulnerability than CVE-2011-3587.

Published: Oct 10, 2011
Updated: Apr 13, 2023
CVE: CVE-2011-4030
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

CWEs:

CWE-264

Affected Software
References

Software	From	Fixed in
plone / plone	4.2a1	4.2a1.x
plone / cmfeditions	2.0b6	2.0b6.x
plone / plone	4.0.5	4.0.5.x
plone / plone	4.0.2	4.0.2.x
plone / cmfeditions	2.0b5	2.0b5.x
plone / plone	4.0.8	4.0.8.x
plone / plone	4.0.7	4.0.7.x
plone / plone	4.0.4	4.0.4.x
plone / cmfeditions	2.0b3	2.0b3.x
plone / plone	4.0.9	4.0.9.x
plone / cmfeditions	2.0b8	2.0b8.x
plone / plone	4.1	4.1.x
plone / cmfeditions	2.0b2	2.0b2.x
plone / plone	4.0	4.0.x
plone / cmfeditions	2.0b7	2.0b7.x
plone / plone	4.0.6.1	4.0.6.1.x
plone / cmfeditions	2.0a1	2.0a1.x
plone / plone	4.0.1	4.0.1.x
plone / cmfeditions	2.0b9	2.0b9.x
plone / cmfeditions	2.0b1	2.0b1.x
plone / plone	4.0.3	4.0.3.x
plone / plone	4.2a2	4.2a2.x
plone / cmfeditions	2.0b4	2.0b4.x
plone / plone	4.2	4.2.x

Vulnerability Database

289,782

CVE-2011-4030