Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-1950

Overview

Vulnerability Score 5.5 5.5
CVE Id CVE-2011-1950
Last Modified 21 Sep 2011 11:31:11
Published 06 Jun 2011 03:55:02
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2011-1950

Summary

plone.app.users in Plone 4.0 and 4.1 allows remote authenticated users to modify the properties of arbitrary accounts via unspecified vectors, as exploited in the wild in June 2011.

Vulnerable Systems

Application

  • Plone 4.0

  • Plone 4.1


References

CONFIRM - http://plone.org/products/plone/security/advisories/CVE-2011-1950

XF - plone-data-security-bypass(67695)

BID - 48005

BUGTRAQ - 20110526 [CVE-REQUEST] Plone XSS and permission errors

SREASON - 8269

SECUNIA - 44775

OSVDB - 72729


Last Updated: 27 May 2016 10:56:52