← Back

CVE-2012-5508

nvd nist
Published: Nov 3, 2014Modified: May 6, 2026

JSON object

Loading...
5.0
Vector
AV:N/AC:L/Au:N/C:P/I:N/A:N
Exploitability: 10.0 / Impact: 2.9
Source: NVD

Description

The error pages in Plone before 4.2.3 and 4.3 before beta 1 allow remote attackers to obtain random numbers and derive the PRNG state for password resets via unspecified vectors. NOTE: this identifier was SPLIT per ADT2 due to different vulnerability types. CVE-2012-6661 was assigned for the PRNG reseeding issue in Zope.

Affected (64)

Products: Plone: Plone
Plone
1 product
Plone
Configuration A
64 vulnerable
Vulnerable SoftwareAffected Versions
Plone
Plone
Up to 4.2.2
Plone
Version 1.0.1
Plone
Version 1.0.2
Plone
Version 1.0.3
Plone
Version 1.0.4
Plone
Version 1.0.5
Plone
Version 1.0.6
Plone
Version 1.0
Plone
Version 2.0.1
Plone
Version 2.0.2
Plone
Version 2.0.3
Plone
Version 2.0.4
Plone
Version 2.0.5
Plone
Version 2.0
Plone
Version 2.1.1
Plone
Version 2.1.2
Plone
Version 2.1.3
Plone
Version 2.1.4
Plone
Version 2.1
Plone
Version 2.5.1
Plone
Version 2.5.2
Plone
Version 2.5.3
Plone
Version 2.5.4
Plone
Version 2.5.5
Plone
Version 2.5
Plone
Version 3.0.1
Plone
Version 3.0.2
Plone
Version 3.0.3
Plone
Version 3.0.4
Plone
Version 3.0.5
Plone
Version 3.0.6
Plone
Version 3.0
Plone
Version 3.1.1
Plone
Version 3.1.2
Plone
Version 3.1.3
Plone
Version 3.1.4
Plone
Version 3.1.5.1
Plone
Version 3.1.6
Plone
Version 3.1.7
Plone
Version 3.1
Plone
Version 3.2.1
Plone
Version 3.2.2
Plone
Version 3.2.3
Plone
Version 3.2
Plone
Version 3.3.1
Plone
Version 3.3.2
Plone
Version 3.3.3
Plone
Version 3.3.4
Plone
Version 3.3.5
Plone
Version 3.3
Plone
Version 4.0.1
Plone
Version 4.0.2
Plone
Version 4.0.3
Plone
Version 4.0.4
Plone
Version 4.0.5
Plone
Version 4.0.6.1
Plone
Version 4.0
Plone
Version 4.1.4
Plone
Version 4.1.5
Plone
Version 4.1.6
Plone
Version 4.1
Plone
Version 4.2.1
Plone
Version 4.2
Plone
Version 4.3

Related CWEs

CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (10)

Source: secalert@redhat.com
Source: secalert@redhat.com
Exploit
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.