Key vulnerability information

CVE ID: CVE-2009-0700

Vulnerability type: Security Bypass

CVSS 2.0 Base Score: 5.5
- Access Vector: Network
- Access Complexity: Low
- Authentication: Single
- Confidentiality Impact: Partial
- Integrity Impact: Partial
- Availability Impact: None

CVSS 2.0 Temporal Score: 4.8
- Exploitability: High
- Remediation Level: Official Fix
- Report Confidence: Confirmed

Consequence: Bypass Security

Remediation: Upgrade to the latest version of BusinessManager (4.2 or later), available from the Plonet web site.

Affected product: Plonet BusinessManager 4.1

External links:
- BugTraq Mailing List, Wed Jan 07 2009 - 09:30:18 CST
- Plonet Web site
- BugTraq Mailing List, Fri Jan 09 2009 - 04:09:34 CST
- BID-33153

Description: An attacker can exploit this vulnerability to bypass access control list (ACL) security restrictions by using the Pfad parameter or a direct request, thereby gaining unauthorized access to customer, order, and job information.