ID CVE-2011-2528
Summary Unspecified vulnerability in (1) Zope 2.12.x before 2.12.19 and 2.13.x before 2.13.8, as used in Plone 4.x and other products, and (2) PloneHotfix20110720 for Plone 3.x allows attackers to gain privileges via unspecified vectors, related to a "highly serious vulnerability." NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-0720.
References
Vulnerable Configurations
  • cpe:2.3:a:plone:plone_hotfix_20110720
  • Plone 3.1.6
    cpe:2.3:a:plone:plone:3.1.6
  • Plone 3.1.5.1
    cpe:2.3:a:plone:plone:3.1.5.1
  • Plone 3.1.4
    cpe:2.3:a:plone:plone:3.1.4
  • Plone 3.1.3
    cpe:2.3:a:plone:plone:3.1.3
  • Plone 3.1.2
    cpe:2.3:a:plone:plone:3.1.2
  • Plone 3.1.1
    cpe:2.3:a:plone:plone:3.1.1
  • Plone 3.1
    cpe:2.3:a:plone:plone:3.1
  • Plone 3.0.6
    cpe:2.3:a:plone:plone:3.0.6
  • Plone 3.3.2
    cpe:2.3:a:plone:plone:3.3.2
  • Plone 3.3.1
    cpe:2.3:a:plone:plone:3.3.1
  • Plone 3.3
    cpe:2.3:a:plone:plone:3.3
  • Plone 3.2.3
    cpe:2.3:a:plone:plone:3.2.3
  • Plone 3.2.2
    cpe:2.3:a:plone:plone:3.2.2
  • Plone 3.2.1
    cpe:2.3:a:plone:plone:3.2.1
  • Plone 3.2
    cpe:2.3:a:plone:plone:3.2
  • Plone 3.1.7
    cpe:2.3:a:plone:plone:3.1.7
  • Plone 3.3.5
    cpe:2.3:a:plone:plone:3.3.5
  • Plone 3.3.3
    cpe:2.3:a:plone:plone:3.3.3
  • Plone 3.3.4
    cpe:2.3:a:plone:plone:3.3.4
  • Plone 3.0.3
    cpe:2.3:a:plone:plone:3.0.3
  • Plone 3.0.4
    cpe:2.3:a:plone:plone:3.0.4
  • Plone 3.0.5
    cpe:2.3:a:plone:plone:3.0.5
  • Plone 3.0
    cpe:2.3:a:plone:plone:3.0
  • Plone 3.0.2
    cpe:2.3:a:plone:plone:3.0.2
  • Plone 3.0.1
    cpe:2.3:a:plone:plone:3.0.1
  • Plone 3.3.6
    cpe:2.3:a:plone:plone:3.3.6
  • cpe:2.3:a:zope:zope:2.12.0:a2
  • cpe:2.3:a:zope:zope:2.12.0:b2
  • cpe:2.3:a:zope:zope:2.12.0:a4
  • cpe:2.3:a:zope:zope:2.12.0:a3
  • cpe:2.3:a:zope:zope:2.12.0:b1
  • cpe:2.3:a:zope:zope:2.12.0:b3
  • cpe:2.3:a:zope:zope:2.12.0:a1
  • cpe:2.3:a:zope:zope:2.12.0:b4
  • cpe:2.3:a:zope:zope:2.12.7
  • cpe:2.3:a:zope:zope:2.12.5
  • cpe:2.3:a:zope:zope:2.12.8
  • cpe:2.3:a:zope:zope:2.12.4
  • cpe:2.3:a:zope:zope:2.12.9
  • cpe:2.3:a:zope:zope:2.12.11
  • cpe:2.3:a:zope:zope:2.12.12
  • cpe:2.3:a:zope:zope:2.12.13
  • cpe:2.3:a:zope:zope:2.12.10
  • cpe:2.3:a:zope:zope:2.12.14
  • cpe:2.3:a:zope:zope:2.12.15
  • cpe:2.3:a:zope:zope:2.12.18
  • cpe:2.3:a:zope:zope:2.12.6
  • cpe:2.3:a:zope:zope:2.13.0:a2
  • cpe:2.3:a:zope:zope:2.13.0:a3
  • cpe:2.3:a:zope:zope:2.13.0:a4
  • cpe:2.3:a:zope:zope:2.13.0:a1
  • cpe:2.3:a:zope:zope:2.12.16
  • cpe:2.3:a:zope:zope:2.12.17
  • cpe:2.3:a:zope:zope:2.12.0
  • cpe:2.3:a:zope:zope:2.13.0
  • cpe:2.3:a:zope:zope:2.13.0:b1
  • cpe:2.3:a:zope:zope:2.13.1
  • cpe:2.3:a:zope:zope:2.13.2
  • cpe:2.3:a:zope:zope:2.13.0:c1
  • cpe:2.3:a:zope:zope:2.13.4
  • cpe:2.3:a:zope:zope:2.13.3
  • cpe:2.3:a:zope:zope:2.13.5
  • cpe:2.3:a:zope:zope:2.12.2
  • cpe:2.3:a:zope:zope:2.12.1
  • cpe:2.3:a:zope:zope:2.13.6
  • cpe:2.3:a:zope:zope:2.12.3
  • cpe:2.3:a:zope:zope:2.13.7
  • Plone 4.0.1
    cpe:2.3:a:plone:plone:4.0.1
  • Plone 4.1
    cpe:2.3:a:plone:plone:4.1
  • Plone 4.0.3
    cpe:2.3:a:plone:plone:4.0.3
  • Plone 4.0.2
    cpe:2.3:a:plone:plone:4.0.2
  • Plone 4.0.5
    cpe:2.3:a:plone:plone:4.0.5
  • Plone 4.0.4
    cpe:2.3:a:plone:plone:4.0.4
  • Plone 4.0.6.1
    cpe:2.3:a:plone:plone:4.0.6.1
  • Plone 4.0
    cpe:2.3:a:plone:plone:4.0
  • Plone 4.0.7
    cpe:2.3:a:plone:plone:4.0.7
  • Plone 4.0.8
    cpe:2.3:a:plone:plone:4.0.8
CVSS
Base: 7.5 (as of 20-07-2011 - 09:50)
Impact:
Exploitability:
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL
  • Availability: PARTIAL
refmap via4
confirm
mlist
  • [oss-security] 20110704 CVE request: plone privilege escalation flaw
  • [oss-security] 20110712 Re: CVE request: plone privilege escalation flaw
  • [zope-announce] 20110628 Security Hotfix 20110622 released
secunia
  • 45056
  • 45111
Last major update 25-07-2011 - 00:00
Published 19-07-2011 - 16:55