CVE-2011-1950

plone.app.users in Plone 4.0 and 4.1 allows remote authenticated users to modify the properties of arbitrary accounts via unspecified vectors, as exploited in the wild in June 2011.

CVSS v2.0 5.5 MEDIUM

5.5^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:N/I:P/A:P

Exploitability : 8.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://osvdb.org/72729
http://plone.org/products/plone/security/advisories/CVE-2011-1950	Patch Vendor Advisory
http://secunia.com/advisories/44775	Vendor Advisory
http://securityreason.com/securityalert/8269
http://www.securityfocus.com/archive/1/518155/100/0/threaded
http://www.securityfocus.com/bid/48005
https://exchange.xforce.ibmcloud.com/vulnerabilities/67695

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:plone:plone:4.0:::::::*
	cpe:2.3:a:plone:plone:4.1:::::::*

History

No history.

Information

Published : 2011-06-06 19:55

Updated : 2018-10-09 19:32

NVD link : CVE-2011-1950

Mitre link : CVE-2011-1950

CVE.ORG link : CVE-2011-1950

JSON object : View

Products Affected

plone

plone

CWE

CWE-264

Permissions, Privileges, and Access Controls

{"id": "CVE-2011-1950", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2011-06-06T19:55:02.190", "references": [{"url": "http://osvdb.org/72729", "source": "secalert@redhat.com"}, {"url": "http://plone.org/products/plone/security/advisories/CVE-2011-1950", "tags": ["Patch", "Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/44775", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://securityreason.com/securityalert/8269", "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/archive/1/518155/100/0/threaded", "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/48005", "source": "secalert@redhat.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67695", "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "plone.app.users in Plone 4.0 and 4.1 allows remote authenticated users to modify the properties of arbitrary accounts via unspecified vectors, as exploited in the wild in June 2011."}, {"lang": "es", "value": "plone.app.users en Plone v4.0 y v4.1 permite a usuarios remotos autenticados para modificar las propiedades de las cuentas de su elecci\u00f3n a trav\u00e9s de vectores no especificados, como se exploto en junio 2011."}], "lastModified": "2018-10-09T19:32:13.713", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F3306D84-0F5B-46BA-9BCC-DCD0A1CDD604"}, {"criteria": "cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7C44B53B-953B-4522-A5B4-11573850D2CD"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}