Moderate severityNVD Advisory· Published Apr 23, 2009· Updated Apr 23, 2026
CVE-2009-0662
CVE-2009-0662
Description
The PlonePAS product 3.x before 3.9 and 3.2.x before 3.2.2, a product for Plone, does not properly handle the login form, which allows remote authenticated users to acquire the identity of an arbitrary user via unspecified vectors.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
Products.PlonePASPyPI | >= 3, < 3.9 | 3.9 |
Affected products
6cpe:2.3:a:plone:plonepas:3.0:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:plone:plonepas:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plonepas:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plonepas:3.2:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plonepas:3.3:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plonepas:3.4:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plonepas:3.5:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
7- plone.org/products/plone/security/advisories/cve-2009-0662nvdPatchVendor AdvisoryWEB
- secunia.com/advisories/34840nvdVendor AdvisoryWEB
- github.com/advisories/GHSA-pq3x-96c3-xgjgghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2009-0662ghsaADVISORY
- osvdb.org/53975nvdWEB
- www.securityfocus.com/bid/34664nvdWEB
- exchange.xforce.ibmcloud.com/vulnerabilities/50061nvdWEB
News mentions
0No linked articles in our index yet.