CVE-2009-2701 Zodb vulnerability

6 documents, 5 sources
Severity: 6.0 MEDIUM (NVD)
EPSS: 0.4% (top 38.06%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Sep 8
Latest update: May 2

Description

Unspecified vulnerability in the Zope Enterprise Objects (ZEO) storage-server functionality in Zope Object Database (ZODB) 3.8 before 3.8.3 and 3.9.x before 3.9.0c2, when certain ZEO database sharing and blob support are enabled, allows remote authenticated users to read or delete arbitrary files via unknown vectors.

CVSS vector

AV:N/AC:M/C:P/I:P/A:P
Exploitability: 6.8 | Impact: 6.4

Affected Packages (1 package)

NVD: zope/zodb (11 versions)

Patches

🔴 Vulnerability Details (3)

GHSA: Zope Object Database (ZODB) Arbitrary files reading and deletion (2022-05-02)
OSV: Zope Object Database (ZODB) Arbitrary files reading and deletion (2022-05-02)
OSV: CVE-2009-2701: Unspecified vulnerability in the Zope Enterprise Objects (ZEO) storage-server functionality in Zope Object Database (ZODB) 3 (2009-09-08)

📋 Vendor Advisories (1)

Red Hat: Zope: Information disclosure (files read, removal) when ZEO server configured with blobs support (2009-09-01)

💬 Community (1)

Bugzilla: CVE-2009-2701 Zope: Information disclosure (files read, removal) when ZEO server configured with blobs support (2009-09-10)