Description
The PlonePAS product 3.x before 3.9 and 3.2.x before 3.2.2, a product for Plone, does not properly handle the login form, which allows remote authenticated users to acquire the identity of an arbitrary user via unspecified vectors.
References (5)
Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/34664
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/50061
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/34840
Patch, Vendor Advisory x_refsource_confirm
http://plone.org/products/plone/security/advisories/cve-2009-0662
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/53975
Scores
EPSS
0.0096
EPSS Percentile
57.2%
Details
CWE
CWE-287
Status
published
Products (7)
plone/plonepas
3.0
plone/plonepas
3.1
plone/plonepas
3.2
plone/plonepas
3.3
plone/plonepas
3.4
plone/plonepas
3.5
pypi/Products.PlonePAS
3 - 3.9PyPI
Published
Apr 23, 2009
Tracked Since
Feb 18, 2026