CVE-2011-0720

Unspecified vulnerability in Plone 2.5 through 4.0, as used in Conga, luci, and possibly other products, allows remote attackers to obtain administrative access, read or create arbitrary content, and change the site skin via unknown vectors.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://secunia.com/advisories/43146	Vendor Advisory
http://www.securityfocus.com/bid/46102
http://plone.org/products/plone/security/advisories/cve-2011-0720	Vendor Advisory
http://osvdb.org/70753
http://www.redhat.com/support/errata/RHSA-2011-0394.html
http://www.redhat.com/support/errata/RHSA-2011-0393.html
http://www.vupen.com/english/advisories/2011/0796	Vendor Advisory
http://secunia.com/advisories/43914	Vendor Advisory
http://www.securitytracker.com/id?1025258
https://exchange.xforce.ibmcloud.com/vulnerabilities/65099

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:plone:plone:3.0.2:::::::*
	cpe:2.3:a:plone:plone:3.0.1:::::::*
	cpe:2.3:a:plone:plone:3.1.1:::::::*
	cpe:2.3:a:plone:plone:3.1.6:::::::*
	cpe:2.3:a:plone:plone:3.3.1:::::::*
	cpe:2.3:a:plone:plone:3.0.4:::::::*
	cpe:2.3:a:plone:plone:2.5.1:::::::*
	cpe:2.3:a:plone:plone:3.3.5:::::::*
	cpe:2.3:a:plone:plone:3.0.6:::::::*
	cpe:2.3:a:plone:plone:3.1.3:::::::*
	cpe:2.3:a:plone:plone:3.2:::::::*
	cpe:2.3:a:plone:plone:3.3:::::::*
	cpe:2.3:a:plone:plone:3.0:::::::*
	cpe:2.3:a:plone:plone:3.2.3:::::::*
	cpe:2.3:a:plone:plone:3.1.4:::::::*
	cpe:2.3:a:plone:plone:3.1.5.1:::::::*
	cpe:2.3:a:plone:plone:2.5.4:::::::*
	cpe:2.3:a:plone:plone:3.3.4:::::::*
	cpe:2.3:a:plone:plone:3.3.2:::::::*
	cpe:2.3:a:plone:plone:3.1.7:::::::*
	cpe:2.3:a:plone:plone:2.5.3:::::::*
	cpe:2.3:a:plone:plone:3.2.2:::::::*
	cpe:2.3:a:plone:plone:3.0.3:::::::*
	cpe:2.3:a:plone:plone:3.1.2:::::::*
	cpe:2.3:a:plone:plone:3.2.1:::::::*
	cpe:2.3:a:plone:plone:4.0:::::::*
	cpe:2.3:a:plone:plone:3.0.5:::::::*
	cpe:2.3:a:plone:plone:2.5:::::::*
	cpe:2.3:a:plone:plone:2.5.2:::::::*
	cpe:2.3:a:plone:plone:3.1:::::::*
	cpe:2.3:a:plone:plone:3.3.3:::::::*
	cpe:2.3:a:plone:plone:2.5.5:::::::*

OR	cpe:2.3:a:redhat:conga::::::::
	cpe:2.3:a:redhat:luci::::::::

Information

Published : 2011-02-03 09:00

Updated : 2017-08-16 18:33

NVD link : CVE-2011-0720

Mitre link : CVE-2011-0720

JSON object : View

CWE

NVD-CWE-noinfo

Products Affected

redhat

conga
luci

plone

plone

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://secunia.com/advisories/43146", "name": "43146", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.securityfocus.com/bid/46102", "name": "46102", "tags": [], "refsource": "BID"}, {"url": "http://plone.org/products/plone/security/advisories/cve-2011-0720", "name": "http://plone.org/products/plone/security/advisories/cve-2011-0720", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://osvdb.org/70753", "name": "70753", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.redhat.com/support/errata/RHSA-2011-0394.html", "name": "RHSA-2011:0394", "tags": [], "refsource": "REDHAT"}, {"url": "http://www.redhat.com/support/errata/RHSA-2011-0393.html", "name": "RHSA-2011:0393", "tags": [], "refsource": "REDHAT"}, {"url": "http://www.vupen.com/english/advisories/2011/0796", "name": "ADV-2011-0796", "tags": ["Vendor Advisory"], "refsource": "VUPEN"}, {"url": "http://secunia.com/advisories/43914", "name": "43914", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.securitytracker.com/id?1025258", "name": "1025258", "tags": [], "refsource": "SECTRACK"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65099", "name": "plone-unspec-priv-escalation(65099)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Unspecified vulnerability in Plone 2.5 through 4.0, as used in Conga, luci, and possibly other products, allows remote attackers to obtain administrative access, read or create arbitrary content, and change the site skin via unknown vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2011-0720", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2011-02-03T17:00Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:plone:plone:3.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:plone:plone:3.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:plone:plone:3.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:plone:plone:3.1.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:plone:plone:3.3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:plone:plone:3.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:plone:plone:2.5.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:plone:plone:3.3.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:plone:plone:3.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:plone:plone:3.1.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:plone:plone:3.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:plone:plone:3.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:plone:plone:3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:plone:plone:3.2.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:plone:plone:3.1.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:plone:plone:3.1.5.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:plone:plone:2.5.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:plone:plone:3.3.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:plone:plone:3.3.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:plone:plone:3.1.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:plone:plone:2.5.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:plone:plone:3.2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:plone:plone:3.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:plone:plone:3.1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:plone:plone:3.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:plone:plone:3.0.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:plone:plone:2.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:plone:plone:2.5.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:plone:plone:3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:plone:plone:3.3.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:plone:plone:2.5.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:redhat:conga:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:redhat:luci:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-08-17T01:33Z"}

7.5 /10