CVE-2011-0720
Severity: high
CVSS v3: —
CVSS v2: 7.5
VIR risk: 7.5
Description
Unspecified vulnerability in Plone 2.5 through 4.0, as used in Conga, luci, and possibly other products, allows remote attackers to obtain administrative access, read or create arbitrary content, and change the site skin via unknown vectors.
Predictions
Exploit likelihood: 30%
Patch ETA: —
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: cve@mitre.org — http://www.vupen.com/english/advisories/2011/0796
Vendor advisory: cve@mitre.org — http://secunia.com/advisories/43914
Vendor advisory: cve@mitre.org — http://secunia.com/advisories/43146
Vendor advisory: cve@mitre.org — http://plone.org/products/plone/security/advisories/cve-2011-0720
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| plone | plone | 2.5 | |
| plone | plone | 2.5.1 | |
| plone | plone | 2.5.2 | |
| plone | plone | 2.5.3 | |
| plone | plone | 2.5.4 | |
| plone | plone | 2.5.5 | |
| plone | plone | 3.0 | |
| plone | plone | 3.0.1 | |
| plone | plone | 3.0.2 | |
| plone | plone | 3.0.3 | |
| plone | plone | 3.0.4 | |
| plone | plone | 3.0.5 | |
| plone | plone | 3.0.6 | |
| plone | plone | 3.1 | |
| plone | plone | 3.1.1 | |
| plone | plone | 3.1.2 | |
| plone | plone | 3.1.3 | |
| plone | plone | 3.1.4 | |
| plone | plone | 3.1.5.1 | |
| plone | plone | 3.1.6 | |
| plone | plone | 3.1.7 | |
| plone | plone | 3.2 | |
| plone | plone | 3.2.1 | |
| plone | plone | 3.2.2 | |
| plone | plone | 3.2.3 | |
| plone | plone | 3.3 | |
| plone | plone | 3.3.1 | |
| plone | plone | 3.3.2 | |
| plone | plone | 3.3.3 | |
| plone | plone | 3.3.4 | |
| plone | plone | 3.3.5 | |
| plone | plone | 4.0 | |
| redhat | conga | | |
| redhat | luci | | |
References
- https://nvd.nist.gov/vuln/detail/CVE-2011-0720
- https://exchange.xforce.ibmcloud.com/vulnerabilities/65099
- https://github.com/plone/Plone
- https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2011-13.yaml
- https://plone.org/products/plone-hotfix/releases/CVE-2011-0720/logchecker.py
- https://seclists.org/fulldisclosure/2011/Apr/293
- https://web.archive.org/web/20110505051314/http://secunia.com/advisories/43914
- https://web.archive.org/web/20110826134658/http://secunia.com/advisories/43146
- https://web.archive.org/web/20200229153953/http://www.securityfocus.com/bid/46102
- http://osvdb.org/70753
- http://plone.org/products/plone/security/advisories/cve-2011-0720
- http://www.redhat.com/support/errata/RHSA-2011-0393.html
- http://www.redhat.com/support/errata/RHSA-2011-0394.html
- http://secunia.com/advisories/43146
- http://secunia.com/advisories/43914
- http://www.securityfocus.com/bid/46102
- http://www.securitytracker.com/id?1025258
- http://www.vupen.com/english/advisories/2011/0796