CVE-2009-0662
Moderate severity vulnerability that affects Products.PlonePAS
EPSS 0.46%
Description
The PlonePAS product 3.x before 3.9 and 3.2.x before 3.2.2, a product for Plone, does not properly handle the login form, which allows remote authenticated users to acquire the identity of an arbitrary user via unspecified vectors.
How to fix CVE-2009-0662
To remediate CVE-2009-0662, upgrade the affected package to a fixed version listed below.
- PyPI/plone: no fix listed
- PyPI/products-plonepas: upgrade to 3.9 or later
Is CVE-2009-0662 being exploited?
Low — EPSS is 0.5%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- >= 3.0, <= 3.1, <= 3.2, <= 3.3, <= 3.4, <= 3.5
- >= 3, < 3.9