CVE-2009-0668

EPSS 0.64%
Veröffentlicht 07.08.2009 19:30:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Unspecified vulnerability in Zope Object Database (ZODB) before 3.8.2, when certain Zope Enterprise Objects (ZEO) database sharing is enabled, allows remote attackers to execute arbitrary Python code via vectors involving the ZEO network protocol.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 11

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Zope ≫ Zodb Version <= 3.8.1

Zope ≫ Zodb Version2.8.11

Zope ≫ Zodb Version2.9.11

Zope ≫ Zodb Version2.10.9

Zope ≫ Zodb Version2.11.4

Zope ≫ Zodb Version3.1

Zope ≫ Zodb Version3.1.1

Zope ≫ Zodb Version3.2

Zope ≫ Zodb Version3.2.4

Zope ≫ Zodb Version3.3

Zope ≫ Zodb Version3.3.3

Zope ≫ Zodb Version3.4

Zope ≫ Zodb Version3.4.1

Zope ≫ Zodb Version3.5

Zope ≫ Zodb Version3.6

Zope ≫ Zodb Version3.7

Zope ≫ Zodb Version3.8.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.64%	0.681

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P

CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

http://mail.zope.org/pipermail/zope-announce/2009-August/002220.html

http://osvdb.org/56827

http://pypi.python.org/pypi/ZODB3/3.8.2#whats-new-in-zodb-3-8-2

http://secunia.com/advisories/36204

Vendor Advisory

http://secunia.com/advisories/36205

Vendor Advisory

http://www.securityfocus.com/bid/35987

http://www.vupen.com/english/advisories/2009/2217

https://exchange.xforce.ibmcloud.com/vulnerabilities/52377

https://nvd.nist.gov/vuln/detail/CVE-2009-0668

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2009-0668

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2009-0668

EUVD