Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-2528

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2011-2528
Last Modified 25 Jul 2011 12:00:00
Published 19 Jul 2011 04:55:01
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-2528

Summary

Unspecified vulnerability in (1) Zope 2.12.x before 2.12.19 and 2.13.x before 2.13.8, as used in Plone 4.x and other products, and (2) PloneHotfix20110720 for Plone 3.x allows attackers to gain privileges via unspecified vectors, related to a "highly serious vulnerability." NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-0720.

Vulnerable Systems

Application

  • Plone 3.0

  • Plone 3.0.1

  • Plone 3.0.2

  • Plone 3.0.3

  • Plone 3.0.4

  • Plone 3.0.5

  • Plone 3.0.6

  • Plone 3.1

  • Plone 3.1.1

  • Plone 3.1.2

  • Plone 3.1.3

  • Plone 3.1.4

  • Plone 3.1.5.1

  • Plone 3.1.6

  • Plone 3.1.7

  • Plone 3.2

  • Plone 3.2.1

  • Plone 3.2.2

  • Plone 3.2.3

  • Plone 3.3

  • Plone 3.3.1

  • Plone 3.3.2

  • Plone 3.3.3

  • Plone 3.3.4

  • Plone 3.3.5

  • Plone 3.3.6

  • Plone 4.0

  • Plone 4.0.1

  • Plone 4.0.2

  • Plone 4.0.3

  • Plone 4.0.4

  • Plone 4.0.5

  • Plone 4.0.6.1

  • Plone 4.0.7

  • Plone 4.0.8

  • Plone 4.1

  • Plone Hotfix 20110720

  • Zope 2.12.0

  • Zope 2.12.1

  • Zope 2.12.10

  • Zope 2.12.11

  • Zope 2.12.12

  • Zope 2.12.13

  • Zope 2.12.14

  • Zope 2.12.15

  • Zope 2.12.16

  • Zope 2.12.17

  • Zope 2.12.18

  • Zope 2.12.2

  • Zope 2.12.3

  • Zope 2.12.4

  • Zope 2.12.5

  • Zope 2.12.6

  • Zope 2.12.7

  • Zope 2.12.8

  • Zope 2.12.9

  • Zope 2.13.0

  • Zope 2.13.1

  • Zope 2.13.2

  • Zope 2.13.3

  • Zope 2.13.4

  • Zope 2.13.5

  • Zope 2.13.6

  • Zope 2.13.7


References

MLIST - [zone-announce] 20110628 Security Hotfix 20110622 released

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=718824

MLIST - [oss-security] 20110712 Re: CVE request: plone privilege escalation flaw

MLIST - [oss-security] 20110704 CVE request: plone privilege escalation flaw

CONFIRM - http://plone.org/products/plone/security/advisories/20110622

CONFIRM - http://plone.org/products/plone-hotfix/releases/20110622

SECUNIA - 45111

SECUNIA - 45056


Last Updated: 27 May 2016 10:57:02