The CMFEditions component 2.x in Plone 4.0.x up to and including 4.0.9, 4.1, and 4.2 up to and including 4.2a2 does not prevent the KwAsAttributes classes from being publishable, which allows remote malicious users to access sub-objects via unspecified vectors, a different vulnerability than CVE-2011-3587.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
plone cmfeditions 2.0b6 |
||
plone cmfeditions 2.0b7 |
||
plone cmfeditions 2.0b8 |
||
plone plone 4.0.4 |
||
plone plone 4.0.6.1 |
||
plone plone 4.2a1 |
||
plone cmfeditions 2.0a1 |
||
plone cmfeditions 2.0b1 |
||
plone cmfeditions 2.0b9 |
||
plone plone 4.0.1 |
||
plone plone 4.0.7 |
||
plone plone 4.0.9 |
||
plone cmfeditions 2.0b4 |
||
plone cmfeditions 2.0b5 |
||
plone plone 4.0.5 |
||
plone plone 4.0 |
||
plone plone 4.2a2 |
||
plone plone 4.2 |
||
plone cmfeditions 2.0b2 |
||
plone cmfeditions 2.0b3 |
||
plone plone 4.0.3 |
||
plone plone 4.0.2 |
||
plone plone 4.0.8 |
||
plone plone 4.1 |