CVE-2006-4247

{"id": "CVE-2006-4247", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.4, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2006-09-29T19:07:00.000", "references": [{"url": "http://plone.org/about/security/advisories/cve-2006-4247", "tags": ["Patch"], "source": "security@debian.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in the Password Reset Tool before 0.4.1 on Plone 2.5 and 2.5.1 Release Candidate allows attackers to reset the passwords of other users, related to \"an erroneous security declaration.\""}, {"lang": "es", "value": "Vulnerabilidad no especificada en el Password Reset Tool anterior a 0.4.1 sobre Plone 2.5 y 2.5.1 Release Candidate, permite a un atacante remoto reiniciar las contrase\u00f1as de otros usuarios, relacionado con \"una declaraci\u00f3n erronea de seguridad\"."}], "lastModified": "2008-09-05T21:09:12.740", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:plone:plone:2.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9762C674-380B-4831-BBA1-3B27742121B0"}, {"criteria": "cpe:2.3:a:plone:plone:2.5.1_rc:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C01E0884-D0A4-4511-AD4B-DBB09CB8080E"}], "operator": "OR"}]}], "sourceIdentifier": "security@debian.org"}