WEB APPLICATION VULNERABILITIES Standard & Premium

Plone CMS Missing Authentication for Critical Function Vulnerability (CVE-2020-35190)

Description

The official plone Docker images before version of 4.3.18-alpine (Alpine specific) contain a blank password for a root user. System using the plone docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.

Remediation

References

Related Vulnerabilities

Jboss EAP Improper Input Validation Vulnerability (CVE-2010-1871)

Jetty Improper Input Validation Vulnerability (CVE-2022-2047)

WordPress Same Origin Method Execution (SOME) Vulnerability (0.70 - 3.7.13)

Liferay DXP Observable Discrepancy Vulnerability (CVE-2024-25146)

WordPress Plugin WooCommerce Customers Manager Privilege Escalation (26.4)

Severity

Critical

Classification

CVE-2020-35190 CWE-306 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities