CVE-2011-4030

Name of the Vulnerable Software and Affected Versions Plone versions 4.0.x through 4.0.9 Plone version 4.1 Plone versions 4.2 through 4.2a2 CMFEditions component version 2.x

Description The issue allows remote attackers to access sub-objects via unspecified vectors because the CMFEditions component does not prevent the KwAsAttributes classes from being publishable.

Recommendations For Plone versions 4.0.x through 4.0.9, consider restricting access to the CMFEditions component until a fix is available. For Plone version 4.1, restrict access to the CMFEditions component until a fix is available. For Plone versions 4.2 through 4.2a2, restrict access to the CMFEditions component until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.