Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-ud5f-7gx8-83d6
Vulnerability ID VCID-ud5f-7gx8-83d6
Aliases CVE-2013-4196
GHSA-qphh-5fv5-2mjj
PYSEC-2014-60
Summary The object manager implementation (objectmanager.py) in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 does not properly restrict access to internal methods, which allows remote attackers to obtain sensitive information via a crafted request.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
There are no known severity scores.
Reference id Reference type URL
http://plone.org/products/plone-hotfix/releases/20130618
http://plone.org/products/plone/security/advisories/20130618-announcement
https://bugzilla.redhat.com/show_bug.cgi?id=978475
http://seclists.org/oss-sec/2013/q3/261
https://github.com/plone/Plone
https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-60.yaml
CVE-2013-4196 https://nvd.nist.gov/vuln/detail/CVE-2013-4196
GHSA-qphh-5fv5-2mjj https://github.com/advisories/GHSA-qphh-5fv5-2mjj
No exploits are available.
There are no known vectors.

No EPSS data available for this vulnerability.

Date Actor Action Source VulnerableCode Version
2026-06-02T04:03:28.557233+00:00 Pypa Importer Import https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2014-60.yaml 38.6.0