CVE-2011-2528

EUVD-2011-0023
Unspecified vulnerability in (1) Zope 2.12.x before 2.12.19 and 2.13.x before 2.13.8, as used in Plone 4.x and other products, and (2) PloneHotfix20110720 for Plone 3.x allows attackers to gain privileges via unspecified vectors, related to a "highly serious vulnerability." NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-0720.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 68%
Affected Products (NVD)
VendorProductVersion
ploneplone_hotfix_20110720
*
ploneplone
3.0
ploneplone
3.0.1
ploneplone
3.0.2
ploneplone
3.0.3
ploneplone
3.0.4
ploneplone
3.0.5
ploneplone
3.0.6
ploneplone
3.1
ploneplone
3.1.1
ploneplone
3.1.2
ploneplone
3.1.3
ploneplone
3.1.4
ploneplone
3.1.5.1
ploneplone
3.1.6
ploneplone
3.1.7
ploneplone
3.2
ploneplone
3.2.1
ploneplone
3.2.2
ploneplone
3.2.3
ploneplone
3.3
ploneplone
3.3.1
ploneplone
3.3.2
ploneplone
3.3.3
ploneplone
3.3.4
ploneplone
3.3.5
ploneplone
3.3.6
ploneplone
4.0
ploneplone
4.0.1
ploneplone
4.0.2
ploneplone
4.0.3
ploneplone
4.0.4
ploneplone
4.0.5
ploneplone
4.0.6.1
ploneplone
4.0.7
ploneplone
4.0.8
ploneplone
4.1
zopezope
2.12.0
zopezope
2.12.0:a1
zopezope
2.12.0:a2
zopezope
2.12.0:a3
zopezope
2.12.0:a4
zopezope
2.12.0:b1
zopezope
2.12.0:b2
zopezope
2.12.0:b3
zopezope
2.12.0:b4
zopezope
2.12.1
zopezope
2.12.2
zopezope
2.12.3
zopezope
2.12.4
zopezope
2.12.5
zopezope
2.12.6
zopezope
2.12.7
zopezope
2.12.8
zopezope
2.12.9
zopezope
2.12.10
zopezope
2.12.11
zopezope
2.12.12
zopezope
2.12.13
zopezope
2.12.14
zopezope
2.12.15
zopezope
2.12.16
zopezope
2.12.17
zopezope
2.12.18
zopezope
2.13.0
zopezope
2.13.0:a1
zopezope
2.13.0:a2
zopezope
2.13.0:a3
zopezope
2.13.0:a4
zopezope
2.13.0:b1
zopezope
2.13.0:c1
zopezope
2.13.1
zopezope
2.13.2
zopezope
2.13.3
zopezope
2.13.4
zopezope
2.13.5
zopezope
2.13.6
zopezope
2.13.7
𝑥
= Vulnerable software versions
References
http://plone.org/products/plone-hotfix/releases/20110622
http://plone.org/products/plone/security/advisories/20110622
http://secunia.com/advisories/45056
http://secunia.com/advisories/45111
http://www.openwall.com/lists/oss-security/2011/07/04/6
http://www.openwall.com/lists/oss-security/2011/07/12/9
https://bugzilla.redhat.com/show_bug.cgi?id=718824
https://mail.zope.org/pipermail/zope-announce/2011-June/002260.html
http://plone.org/products/plone-hotfix/releases/20110622
http://plone.org/products/plone/security/advisories/20110622
http://secunia.com/advisories/45056
http://secunia.com/advisories/45111
http://www.openwall.com/lists/oss-security/2011/07/04/6
http://www.openwall.com/lists/oss-security/2011/07/12/9
https://bugzilla.redhat.com/show_bug.cgi?id=718824
https://mail.zope.org/pipermail/zope-announce/2011-June/002260.html