4

CVE-2013-4198

mail_password.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote authenticated users to bypass the prohibition on password changes via the forgotten password email functionality.

Data is provided by the National Vulnerability Database (NVD)
PlonePlone Version2.1
PlonePlone Version2.1.1
PlonePlone Version2.1.2
PlonePlone Version2.1.3
PlonePlone Version2.1.4
PlonePlone Version2.5
PlonePlone Version2.5.1
PlonePlone Version2.5.2
PlonePlone Version2.5.3
PlonePlone Version2.5.4
PlonePlone Version2.5.5
PlonePlone Version3.0
PlonePlone Version3.0.1
PlonePlone Version3.0.2
PlonePlone Version3.0.3
PlonePlone Version3.0.4
PlonePlone Version3.0.5
PlonePlone Version3.0.6
PlonePlone Version3.1
PlonePlone Version3.1.1
PlonePlone Version3.1.2
PlonePlone Version3.1.3
PlonePlone Version3.1.4
PlonePlone Version3.1.5.1
PlonePlone Version3.1.6
PlonePlone Version3.1.7
PlonePlone Version3.2
PlonePlone Version3.2.1
PlonePlone Version3.2.2
PlonePlone Version3.2.3
PlonePlone Version3.3
PlonePlone Version3.3.1
PlonePlone Version3.3.2
PlonePlone Version3.3.3
PlonePlone Version3.3.4
PlonePlone Version3.3.5
PlonePlone Version4.0
PlonePlone Version4.0.1
PlonePlone Version4.0.2
PlonePlone Version4.0.3
PlonePlone Version4.0.4
PlonePlone Version4.0.5
PlonePlone Version4.0.6.1
PlonePlone Version4.1
PlonePlone Version4.3
PlonePlone Version4.3.1
PlonePlone Version4.2
PlonePlone Version4.2.1
PlonePlone Version4.2.2
PlonePlone Version4.2.3
PlonePlone Version4.2.4
PlonePlone Version4.2.5
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.31% 0.507
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 4 8 2.9
AV:N/AC:L/Au:S/C:N/I:P/A:N