Moderate severityNVD Advisory· Published Apr 23, 2009· Updated Jun 16, 2026
CVE-2009-0662
CVE-2009-0662
Description
The PlonePAS product 3.x before 3.9 and 3.2.x before 3.2.2, a product for Plone, does not properly handle the login form, which allows remote authenticated users to acquire the identity of an arbitrary user via unspecified vectors.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
Products.PlonePASPyPI | >= 3, < 3.9 | 3.9 |
Affected products
7cpe:2.3:a:plone:plonepas:3.0:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:plone:plonepas:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plonepas:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plonepas:3.2:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plonepas:3.3:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plonepas:3.4:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plonepas:3.5:*:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
8- plone.org/products/plone/security/advisories/cve-2009-0662nvdPatchVendor AdvisoryWEB
- secunia.com/advisories/34840nvdVendor AdvisoryWEB
- github.com/advisories/GHSA-pq3x-96c3-xgjgghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2009-0662ghsaADVISORY
- osvdb.org/53975nvdWEB
- www.securityfocus.com/bid/34664nvdWEB
- exchange.xforce.ibmcloud.com/vulnerabilities/50061nvdWEB
- github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2009-17.yamlghsaWEB
News mentions
0No linked articles in our index yet.