Vulnerability Details : CVE-2012-5491

z3c.form, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain the default form field values by leveraging knowledge of the form location and the element id.

Vulnerability category: Information leak

Published 2014-09-30 14:55:06

Updated 2014-10-01 16:30:14

Source Red Hat, Inc.

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2012-5491

Probability of exploitation activity in the next 30 days: 0.36%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 68 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2012-5491

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
4.3	MEDIUM	AV:N/AC:M/Au:N/C:P/I:N/A:N	8.6	2.9	[email protected]
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None

CWE ids for CVE-2012-5491

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Assigned by: [email protected] (Primary)

References for CVE-2012-5491

Products affected by CVE-2012-5491

Plone » Plone
Versions up to, including, (<=) 4.2.2
cpe:2.3:a:plone:plone:*:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 2.0.5
cpe:2.3:a:plone:plone:2.0.5:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 2.1.2
cpe:2.3:a:plone:plone:2.1.2:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 2.5
cpe:2.3:a:plone:plone:2.5:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 2.5.1
cpe:2.3:a:plone:plone:2.5.1:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 3.0
cpe:2.3:a:plone:plone:3.0:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 3.0.1
cpe:2.3:a:plone:plone:3.0.1:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 3.0.2
cpe:2.3:a:plone:plone:3.0.2:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 2.5.4
cpe:2.3:a:plone:plone:2.5.4:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 2.1
cpe:2.3:a:plone:plone:2.1:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 2.5.2
cpe:2.3:a:plone:plone:2.5.2:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 3.0.3
cpe:2.3:a:plone:plone:3.0.3:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 3.0.5
cpe:2.3:a:plone:plone:3.0.5:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 3.1.5.1
cpe:2.3:a:plone:plone:3.1.5.1:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 3.1.7
cpe:2.3:a:plone:plone:3.1.7:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 3.3
cpe:2.3:a:plone:plone:3.3:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 3.3.2
cpe:2.3:a:plone:plone:3.3.2:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 2.1.1
cpe:2.3:a:plone:plone:2.1.1:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 2.1.3
cpe:2.3:a:plone:plone:2.1.3:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 2.1.4
cpe:2.3:a:plone:plone:2.1.4:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 3.0.6
cpe:2.3:a:plone:plone:3.0.6:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 3.1
cpe:2.3:a:plone:plone:3.1:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 3.1.1
cpe:2.3:a:plone:plone:3.1.1:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 3.1.2
cpe:2.3:a:plone:plone:3.1.2:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 3.1.3
cpe:2.3:a:plone:plone:3.1.3:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 3.3.4
cpe:2.3:a:plone:plone:3.3.4:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 3.3.5
cpe:2.3:a:plone:plone:3.3.5:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 2.5.5
cpe:2.3:a:plone:plone:2.5.5:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 3.2
cpe:2.3:a:plone:plone:3.2:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 3.2.1
cpe:2.3:a:plone:plone:3.2.1:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 3.2.2
cpe:2.3:a:plone:plone:3.2.2:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 3.2.3
cpe:2.3:a:plone:plone:3.2.3:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 2.5.3
cpe:2.3:a:plone:plone:2.5.3:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 3.0.4
cpe:2.3:a:plone:plone:3.0.4:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 3.1.4
cpe:2.3:a:plone:plone:3.1.4:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 3.1.6
cpe:2.3:a:plone:plone:3.1.6:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 3.3.1
cpe:2.3:a:plone:plone:3.3.1:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 3.3.3
cpe:2.3:a:plone:plone:3.3.3:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 4.0
cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 2.0.4
cpe:2.3:a:plone:plone:2.0.4:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 2.0.3
cpe:2.3:a:plone:plone:2.0.3:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 1.0.2
cpe:2.3:a:plone:plone:1.0.2:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 1.0.5
cpe:2.3:a:plone:plone:1.0.5:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 2.0
cpe:2.3:a:plone:plone:2.0:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 1.0.3
cpe:2.3:a:plone:plone:1.0.3:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 1.0.4
cpe:2.3:a:plone:plone:1.0.4:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 1.0
cpe:2.3:a:plone:plone:1.0:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 2.0.2
cpe:2.3:a:plone:plone:2.0.2:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 1.0.1
cpe:2.3:a:plone:plone:1.0.1:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 1.0.6
cpe:2.3:a:plone:plone:1.0.6:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 2.0.1
cpe:2.3:a:plone:plone:2.0.1:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 4.0.1
cpe:2.3:a:plone:plone:4.0.1:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 4.0.6.1
cpe:2.3:a:plone:plone:4.0.6.1:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 4.0.5
cpe:2.3:a:plone:plone:4.0.5:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 4.0.4
cpe:2.3:a:plone:plone:4.0.4:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 4.0.3
cpe:2.3:a:plone:plone:4.0.3:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 4.0.2
cpe:2.3:a:plone:plone:4.0.2:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 4.1
cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 4.2
cpe:2.3:a:plone:plone:4.2:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 4.2.0.1
cpe:2.3:a:plone:plone:4.2.0.1:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 4.1.6
cpe:2.3:a:plone:plone:4.1.6:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 4.1.5
cpe:2.3:a:plone:plone:4.1.5:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 4.3
cpe:2.3:a:plone:plone:4.3:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 4.2 Update B2
cpe:2.3:a:plone:plone:4.2:b2:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 4.2 Update B1
cpe:2.3:a:plone:plone:4.2:b1:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 4.2.1
cpe:2.3:a:plone:plone:4.2.1:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 4.2.1.1
cpe:2.3:a:plone:plone:4.2.1.1:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 4.2 Update A2
cpe:2.3:a:plone:plone:4.2:a2:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 4.2 Update A1
cpe:2.3:a:plone:plone:4.2:a1:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 4.2 Update RC2
cpe:2.3:a:plone:plone:4.2:rc2:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 4.2 Update RC1
cpe:2.3:a:plone:plone:4.2:rc1:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 4.1.4
cpe:2.3:a:plone:plone:4.1.4:*:*:*:*:*:*:*
Matching versions