plone.app.users in Plone 4.0 and 4.1 allows remote authenticated users to modify the properties of arbitrary accounts via unspecified vectors, as exploited in the wild in June 2011.
CPE | Name | Operator | Version |
---|---|---|---|
plone-app-users | eq | 1.0b9 | |
plone-app-users | eq | 1.0b5 | |
plone-app-users | eq | 1.0b3 | |
plone-app-users | eq | 1.0b1 | |
plone | eq | 4.0.1 | |
plone | eq | 4.0.2 | |
plone-app-users | eq | 1.0b2 | |
plone-app-users | eq | 1.0 | |
plone | eq | 4.0.5 | |
plone-app-users | eq | 1.1b2 |
osvdb.org/72729
plone.org/products/plone/security/advisories/CVE-2011-1950
secunia.com/advisories/44775
securityreason.com/securityalert/8269
www.securityfocus.com/archive/1/518155/100/0/threaded
www.securityfocus.com/bid/48005
exchange.xforce.ibmcloud.com/vulnerabilities/67695
github.com/advisories/GHSA-2qx8-589j-gcpx
nvd.nist.gov/vuln/detail/CVE-2011-1950