High severityNVD Advisory· Published Jul 23, 2002· Updated Apr 16, 2026

CVE-2002-0688

Description

ZCatalog plug-in index support capability for Zope 2.4.0 through 2.5.1 allows anonymous users and untrusted code to bypass access restrictions and call arbitrary methods of catalog indexes.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
zopePyPI	>= 2.4.0, < 2.6.0	2.6.0

Affected products

Zope/Zope2 versions
cpe:2.3:a:zope:zope:2.4.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:zope:zope:2.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.5.1:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.zope.org/Products/Zope/Hotfix_2002-06-14/security_alertnvdPatchVendor Advisory
github.com/advisories/GHSA-7944-h5rw-qmjxghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2002-0688ghsaADVISORY
web.archive.org/web/20020810160608/http://www.zope.org/Products/Zope/Hotfix_2002-06-14/security_alertghsaWEB
web.archive.org/web/20020822025750/http://www.iss.net/security_center/static/9610.phpghsaWEB
web.archive.org/web/20021206023914/http://rhn.redhat.com/errata/RHSA-2002-060.htmlghsaWEB
web.archive.org/web/20021223212650/http://online.securityfocus.com/bid/5812ghsaWEB
web.archive.org/web/20070430090648/http://www.debian.org/security/2004/dsa-490ghsaWEB
www.debian.org/security/2004/dsa-490nvd
www.iss.net/security_center/static/9610.phpnvd
www.redhat.com/support/errata/RHSA-2002-060.htmlnvd
www.securityfocus.com/bid/5812nvd

News mentions

No linked articles in our index yet.

cvss	0.455
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000