CVE-2012-5489

EPSS 0.58%
Veröffentlicht 30.09.2014 14:55:06
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

The App.Undo.UndoSupport.get_request_var_or_attr function in Zope before 2.12.21 and 3.13.x before 2.13.11, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote authenticated users to gain access to restricted attributes via unspecified vectors.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Plone ≫ Plone Version <= 4.2.2

Plone ≫ Plone Version1.0

Plone ≫ Plone Version1.0.1

Plone ≫ Plone Version1.0.2

Plone ≫ Plone Version1.0.3

Plone ≫ Plone Version1.0.4

Plone ≫ Plone Version1.0.5

Plone ≫ Plone Version1.0.6

Plone ≫ Plone Version2.0

Plone ≫ Plone Version2.0.1

Plone ≫ Plone Version2.0.2

Plone ≫ Plone Version2.0.3

Plone ≫ Plone Version2.0.4

Plone ≫ Plone Version2.0.5

Plone ≫ Plone Version2.1

Plone ≫ Plone Version2.1.1

Plone ≫ Plone Version2.1.2

Plone ≫ Plone Version2.1.3

Plone ≫ Plone Version2.1.4

Plone ≫ Plone Version2.5

Plone ≫ Plone Version2.5.1

Plone ≫ Plone Version2.5.2

Plone ≫ Plone Version2.5.3

Plone ≫ Plone Version2.5.4

Plone ≫ Plone Version2.5.5

Plone ≫ Plone Version3.0

Plone ≫ Plone Version3.0.1

Plone ≫ Plone Version3.0.2

Plone ≫ Plone Version3.0.3

Plone ≫ Plone Version3.0.4

Plone ≫ Plone Version3.0.5

Plone ≫ Plone Version3.0.6

Plone ≫ Plone Version3.1

Plone ≫ Plone Version3.1.1

Plone ≫ Plone Version3.1.2

Plone ≫ Plone Version3.1.3

Plone ≫ Plone Version3.1.4

Plone ≫ Plone Version3.1.5.1

Plone ≫ Plone Version3.1.6

Plone ≫ Plone Version3.1.7

Plone ≫ Plone Version3.2

Plone ≫ Plone Version3.2.1

Plone ≫ Plone Version3.2.2

Plone ≫ Plone Version3.2.3

Plone ≫ Plone Version3.3

Plone ≫ Plone Version3.3.1

Plone ≫ Plone Version3.3.2

Plone ≫ Plone Version3.3.3

Plone ≫ Plone Version3.3.4

Plone ≫ Plone Version3.3.5

Plone ≫ Plone Version4.0

Plone ≫ Plone Version4.0.1

Plone ≫ Plone Version4.0.2

Plone ≫ Plone Version4.0.3

Plone ≫ Plone Version4.0.4

Plone ≫ Plone Version4.0.5

Plone ≫ Plone Version4.0.6.1

Plone ≫ Plone Version4.1

Plone ≫ Plone Version4.1.4

Plone ≫ Plone Version4.1.5

Plone ≫ Plone Version4.1.6

Plone ≫ Plone Version4.2

Plone ≫ Plone Version4.2 Updatea1

Plone ≫ Plone Version4.2 Updatea2

Plone ≫ Plone Version4.2 Updateb1

Plone ≫ Plone Version4.2 Updateb2

Plone ≫ Plone Version4.2 Updaterc1

Plone ≫ Plone Version4.2 Updaterc2

Plone ≫ Plone Version4.2.0.1

Plone ≫ Plone Version4.2.1

Plone ≫ Plone Version4.2.1.1

Plone ≫ Plone Version4.3

Zope ≫ Zope Version <= 2.13.10

Zope ≫ Zope Version2.5.1

Zope ≫ Zope Version2.6.1

Zope ≫ Zope Version2.6.4

Zope ≫ Zope Version2.7.0

Zope ≫ Zope Version2.7.3

Zope ≫ Zope Version2.7.4

Zope ≫ Zope Version2.7.5

Zope ≫ Zope Version2.7.6

Zope ≫ Zope Version2.7.7

Zope ≫ Zope Version2.7.8

Zope ≫ Zope Version2.8.1

Zope ≫ Zope Version2.8.4

Zope ≫ Zope Version2.8.6

Zope ≫ Zope Version2.8.8

Zope ≫ Zope Version2.9.2

Zope ≫ Zope Version2.9.3

Zope ≫ Zope Version2.9.4

Zope ≫ Zope Version2.9.5

Zope ≫ Zope Version2.9.6

Zope ≫ Zope Version2.9.7

Zope ≫ Zope Version2.10.3

Zope ≫ Zope Version2.10.8

Zope ≫ Zope Version2.11.0

Zope ≫ Zope Version2.11.1

Zope ≫ Zope Version2.11.2

Zope ≫ Zope Version2.11.3

Zope ≫ Zope Version2.13.0

Zope ≫ Zope Version2.13.1

Zope ≫ Zope Version2.13.2

Zope ≫ Zope Version2.13.3

Zope ≫ Zope Version2.13.4

Zope ≫ Zope Version2.13.5

Zope ≫ Zope Version2.13.6

Zope ≫ Zope Version2.13.7

Zope ≫ Zope Version2.13.8

Zope ≫ Zope Version2.13.9

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.58%	0.661

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P

http://www.openwall.com/lists/oss-security/2012/11/10/1

https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt

https://plone.org/products/plone-hotfix/releases/20121106

Patch

https://bugs.launchpad.net/zope2/+bug/1079238

https://plone.org/products/plone/security/advisories/20121106/05

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2012-5489

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2012-5489

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2012-5489

EUVD