CVE-2001-0128

5 documents5 sources
Severity
7.2HIGH
EPSS
0.1%
top 82.61%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
7
Zope ZopeConectiva LinuxDebian Debian Linux+4 more
Timeline
PublishedMar 12
Latest updateMay 3

Description

Zope before 2.2.4 does not properly compute local roles, which could allow users to bypass specified access restrictions and gain privileges.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages5 packages

NVDzope/zope2.2.4
NVDredhat/linux6.1, 6.2, 7.0+2
NVDconectiva/linux4 versions+3
NVDredhat/linux_powertools6.1, 6.2, 7.0+2

Also affects: Freebsd 6.2, Debian Linux 2.2

Patches

Patch: ftp.freebsd.orgPatch: www.debian.orgPatch: www.linux-mandrake.com

🔴Vulnerability Details

2
GHSA
GHSA-wqxw-f744-5fh2: Zope before 22022-05-03
CVEList
CVE-2001-0128: Zope before 22001-05-07

📋Vendor Advisories

1
Red Hat
security flaw2000-12-16

💬Community

1
Bugzilla
CVE-2001-0128 security flaw2018-08-16
CVE-2001-0128 (HIGH CVSS 7.2) | Zope before 2.2.4 does not properly | cvebase.io