CVSS: 9.3EPSS: 0%CPEs: 24EXPL: 0CVE-2011-4030
https://notcve.org/view.php?id=CVE-2011-4030
The CMFEditions component 2.x in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2 does not prevent the KwAsAttributes classes from being publishable, which allows remote attackers to access sub-objects via unspecified vectors, a different vulnerability than CVE-2011-3587. El componente CMFEditions v2.x en Plone v4.0.x hasta v4.0.9, v4.1, y v4.2 hasta v4.2a2 no previene clases KwAsAttributes publicables, lo que permite a atacantes remotos acceder a sub-objetos a través de vectores no especificados, una vulnerabilidad diferente que CVE-2011-3587. • http://plone.org/products/plone-hotfix/releases/20110928 http://plone.org/products/plone-hotfix/releases/20110928/PloneHotfix20110928-1.0.zip http://pypi.python.org/pypi/Products.PloneHotfix20110928/1.0 http://secunia.com/advisories/46323 http://www.securityfocus.com/bid/50287 • CWE-264: Permissions, Privileges, and Access Controls •