CVE-2013-4196

The object manager implementation (objectmanager.py) in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 does not properly restrict access to internal methods, which allows remote attackers to obtain sensitive information via a crafted request.

Published: Mar 11, 2014
Updated: Apr 13, 2023
CVE: CVE-2013-4196
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-264

Affected Software
References

Software	From	Fixed in
plone / plone	4.3	4.3.x
plone / plone	4.3.1	4.3.1.x
plone / plone	3.3	3.3.x
plone / plone	4.0.5	4.0.5.x
plone / plone	3.0.1	3.0.1.x
plone / plone	3.0	3.0.x
plone / plone	3.2.3	3.2.3.x
plone / plone	3.1.4	3.1.4.x
plone / plone	3.1.5.1	3.1.5.1.x
plone / plone	2.1.4	2.1.4.x
plone / plone	4.0.2	4.0.2.x
plone / plone	3.3.5	3.3.5.x
plone / plone	3.0.6	3.0.6.x
plone / plone	2.5.4	2.5.4.x
plone / plone	3.2	3.2.x
plone / plone	3.1.1	3.1.1.x
plone / plone	2.1.1	2.1.1.x
plone / plone	3.3.4	3.3.4.x
plone / plone	3.3.2	3.3.2.x
plone / plone	4.0.4	4.0.4.x
plone / plone	3.1.7	3.1.7.x
plone / plone	2.5.1	2.5.1.x
plone / plone	4.1	4.1.x
plone / plone	2.5.3	2.5.3.x
plone / plone	3.2.2	3.2.2.x
plone / plone	2.1.2	2.1.2.x
plone / plone	3.0.3	3.0.3.x
plone / plone	3.3.1	3.3.1.x
plone / plone	3.0.4	3.0.4.x
plone / plone	3.1.2	3.1.2.x
plone / plone	3.2.1	3.2.1.x
plone / plone	4.0	4.0.x
plone / plone	3.0.5	3.0.5.x
plone / plone	4.0.6.1	4.0.6.1.x
plone / plone	2.5	2.5.x
plone / plone	2.5.2	2.5.2.x
plone / plone	4.0.1	4.0.1.x
plone / plone	3.0.2	3.0.2.x
plone / plone	2.1	2.1.x
plone / plone	3.1	3.1.x
plone / plone	3.3.3	3.3.3.x
plone / plone	2.1.3	2.1.3.x
plone / plone	3.1.6	3.1.6.x
plone / plone	3.1.3	3.1.3.x
plone / plone	4.0.3	4.0.3.x
plone / plone	2.5.5	2.5.5.x
plone / plone	4.2.3	4.2.3.x
plone / plone	4.2.2	4.2.2.x
plone / plone	4.2.5	4.2.5.x
plone / plone	4.2.4	4.2.4.x
plone / plone	4.2	4.2.x
plone / plone	4.2.1	4.2.1.x

Vulnerability Database

289,784

CVE-2013-4196