6

CVE-2009-2701

EPSS 0.42%
Published 08.09.2009 18:30:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

Unspecified vulnerability in the Zope Enterprise Objects (ZEO) storage-server functionality in Zope Object Database (ZODB) 3.8 before 3.8.3 and 3.9.x before 3.9.0c2, when certain ZEO database sharing and blob support are enabled, allows remote authenticated users to read or delete arbitrary files via unknown vectors.

Affected products Warnungen 0 Metrics 2 CWE 0 References 7

Data is provided by the National Vulnerability Database (NVD)

Zope ≫ Zodb Version3.8

Zope ≫ Zodb Version3.8.0

Zope ≫ Zodb Version3.8.1

Zope ≫ Zodb Version3.8.2

Zope ≫ Zodb Version3.9.0

Zope ≫ Zodb Version3.9.0b1

Zope ≫ Zodb Version3.9.0b2

Zope ≫ Zodb Version3.9.0b3

Zope ≫ Zodb Version3.9.0b4

Zope ≫ Zodb Version3.9.0b5

Zope ≫ Zodb Version3.9.0c1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.42%	0.589

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6	6.8	6.4	AV:N/AC:M/Au:S/C:P/I:P/A:P

http://pypi.python.org/pypi/ZODB3/3.8.3

Patch

http://pypi.python.org/pypi/ZODB3/3.9.0c2

Patch

http://www.vupen.com/english/advisories/2009/2534

Patch

Vendor Advisory

https://mail.zope.org/pipermail/zope-announce/2009-September/002221.html

Patch

https://nvd.nist.gov/vuln/detail/CVE-2009-2701

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2009-2701

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2009-2701

EUVD