CVE-2011-4030

high

Description

The CMFEditions component 2.x in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2 does not prevent the KwAsAttributes classes from being publishable, which allows remote attackers to access sub-objects via unspecified vectors, a different vulnerability than CVE-2011-3587.

References

http://www.securityfocus.com/bid/50287

http://secunia.com/advisories/46323

http://pypi.python.org/pypi/Products.PloneHotfix20110928/1.0

http://plone.org/products/plone-hotfix/releases/20110928/PloneHotfix20110928-1.0.zip

http://plone.org/products/plone-hotfix/releases/20110928

Details

Source: Mitre, NVD

Published: 2011-10-10

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.01066