Cross-Site Request Forgery in Zope Management Interface and Plone
CVE-2015-7293

8.8HIGH

Key Information:

Vendor

Plone

Status
Plone
Vendor
CVE Published:
25 September 2017

What is CVE-2015-7293?

The Zope Management Interface and Plone contain multiple vulnerabilities that allow an attacker to exploit cross-site request forgery (CSRF) conditions. This can lead to unauthorized actions being performed without the user's consent. The vulnerability primarily affects version 4.3.7 of the Zope Management Interface and all versions of Plone prior to 5.x. Organizations using these platforms are advised to implement security measures to mitigate potential CSRF attacks, particularly through the application of hotfixes and updates provided by the vendor.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://packetstormsecurity.com/files/133889/Zope-Manageme...
x_refsource_MISC
https://www.exploit-db.com/exploits/38411/
exploitx_refsource_EXPLOIT-DB
https://plone.org/security/hotfix/20151006
x_refsource_CONFIRM

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.