5

CVE-2000-1212

Zope 2.2.0 through 2.2.4 does not properly protect a data updating method on Image and File objects, which allows attackers with DTML editing privileges to modify the raw data of these objects.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ZopeZope Version2.2.0
ZopeZope Version2.2.0a1
ZopeZope Version2.2.0b1
ZopeZope Version2.2.0b2
ZopeZope Version2.2.0b3
ZopeZope Version2.2.0b4
ZopeZope Version2.2.1
ZopeZope Version2.2.1b1
ZopeZope Version2.2.2
ZopeZope Version2.2.3
ZopeZope Version2.2.4
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.53% 0.715
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:P/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000365
http://frontal2.mandriva.com/security/advisories?name=MDKSA-2000:086
http://www.debian.org/security/2001/dsa-007
http://www.osvdb.org/6283
http://www.redhat.com/support/errata/RHSA-2000-135.html
http://www.zope.org/Products/Zope/Hotfix_2000-12-18/security_alert
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/5778