Lucene search

[email protected]CVE-2011-1950

HistoryJun 06, 2011 - 7:55 p.m.

CVE-2011-1950

2011-06-0619:55:02

CWE-264

[email protected]

web.nvd.nist.gov

cve-2011-1950

plone.app.users

remote authenticated users

account properties

unspecified vectors

5.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:P/A:P

6.5 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.9%

JSON

plone.app.users in Plone 4.0 and 4.1 allows remote authenticated users to modify the properties of arbitrary accounts via unspecified vectors, as exploited in the wild in June 2011.

Affected configurations

NVD

Node

ploneploneMatch4.0

ploneploneMatch4.1

CPENameOperatorVersion
plone:ploneploneeq4.0
plone:ploneploneeq4.1

CPE	Name	Operator	Version
plone:plone	plone	eq	4.0
plone:plone	plone	eq	4.1

References

osvdb.org/72729

plone.org/products/plone/security/advisories/CVE-2011-1950

secunia.com/advisories/44775

securityreason.com/securityalert/8269

www.securityfocus.com/archive/1/518155/100/0/threaded

www.securityfocus.com/bid/48005

exchange.xforce.ibmcloud.com/vulnerabilities/67695

5.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:P/A:P

6.5 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.9%

JSON

Related for CVE-2011-1950

osv2 prion1 cvelist1 ubuntucve1 github1 nvd1