CVE-2009-0662

The PlonePAS product 3.x before 3.9 and 3.2.x before 3.2.2, a product for Plone, does not properly handle the login form, which allows remote authenticated users to acquire the identity of an arbitrary user via unspecified vectors.

Published Bycve@mitre.org

Published DateApr 23, 2009, 17:30

Affected Versions(1)

Products.PlonePAS(PyPI)

Introduced3

Fixed3.9

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
Products.PlonePAS(PyPI)	3	3.9	N/A

Weakness Type (CWE):CWE-287

CVSS Metrics

Base Score

Vector String

AV:N/AC:M/Au:S/C:P/I:P/A:P

Base Severity

Version

2.0

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality (C)

PARTIAL

Integrity (I)

PARTIAL

Availability (A)

PARTIAL

References

Weakness Type (CWE):CWE-287

CVSS Metrics

Base Score

Vector String

AV:N/AC:M/Au:S/C:P/I:P/A:P

Base Severity

Version

2.0

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality (C)

PARTIAL

Integrity (I)

PARTIAL

Availability (A)

PARTIAL