PT-2014-2335 · Plone · Plone
Christian Heimes
+1
·
Published
2014-11-03
·
Updated
2023-02-13
·
CVE-2012-5508
CVSS v4.0
6.9
Medium
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
Plone versions prior to 4.2.3
Plone versions 4.3 prior to beta 1
Description
The issue allows remote attackers to obtain random numbers and derive the PRNG state for password resets. This could potentially be used to gain unauthorized access.
Recommendations
For Plone versions prior to 4.2.3, update to version 4.2.3 or later.
For Plone versions 4.3 prior to beta 1, update to beta 1 or later.
Exploit
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Plone