CVE-2009-0669

CVSS 7.5 - HIGH
Description

Zope Object Database (ZODB) before 3.8.2, when certain Zope Enterprise Objects (ZEO) database sharing is enabled, allows remote attackers to bypass authentication via vectors involving the ZEO network protocol.

Affected Products
3
Vendor Product Version
zope zodb All versions
zope zodb 3.8
zope zodb 3.8.0
References
http://mail.zope.org/pipermail/zope-announce/2009-...
http://osvdb.org/56826
http://pypi.python.org/pypi/ZODB3/3.8.2#whats-new-...
http://secunia.com/advisories/36204
http://secunia.com/advisories/36205
http://www.securityfocus.com/bid/35987
http://www.vupen.com/english/advisories/2009/2217
https://exchange.xforce.ibmcloud.com/vulnerabiliti...
http://mail.zope.org/pipermail/zope-announce/2009-...
http://osvdb.org/56826
http://pypi.python.org/pypi/ZODB3/3.8.2#whats-new-...
http://secunia.com/advisories/36204
http://secunia.com/advisories/36205
http://www.securityfocus.com/bid/35987
http://www.vupen.com/english/advisories/2009/2217
https://exchange.xforce.ibmcloud.com/vulnerabiliti...
Weakness Types
CWE-287
CVE Information
CVE ID:
CVE-2009-0669
Published:
2009-08-07
Modified:
2026-04-23
CVSS Score:
7.5
Severity:
HIGH
Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
Affected Vendors
zope
Quick Actions
View on NVD Find Similar CVEs
CVSS Severity Scale
0.0 - 3.9 LOW
4.0 - 6.9 MEDIUM
7.0 - 8.9 HIGH
9.0 - 10.0 CRITICAL