← Back

CVE-2009-0662

nvd nist
Published: Apr 23, 2009Modified: Apr 23, 2026

JSON object

Loading...
6.0
Vector
AV:N/AC:M/Au:S/C:P/I:P/A:P
Exploitability: 6.8 / Impact: 6.4
Source: NVD

Description

The PlonePAS product 3.x before 3.9 and 3.2.x before 3.2.2, a product for Plone, does not properly handle the login form, which allows remote authenticated users to acquire the identity of an arbitrary user via unspecified vectors.

Affected (6)

Products: Plone: Plonepas
Plone
1 product
Plonepas
Configuration A
6 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Plone
Plonepas
Version 3.0
Plonepas
Version 3.1
Plonepas
Version 3.2
Plonepas
Version 3.3
Plonepas
Version 3.4
Plonepas
Version 3.5
Running on/withPlatform Versions
Plone
Plone
All versions

Related CWEs

CWE-287
Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (10)

Source: cve@mitre.org
Source: cve@mitre.org
PatchVendor Advisory
Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
Source: cve@mitre.org
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.