CVE-2011-2528

high

Published 2011-07-19 · Modified 2026-05-21

CVSS v3

—

CVSS v2

7.5

VIR risk

7.5

Description

Unspecified vulnerability in (1) Zope 2.12.x before 2.12.19 and 2.13.x before 2.13.8, as used in Plone 4.x and other products, and (2) PloneHotfix20110720 for Plone 3.x allows attackers to gain privileges via unspecified vectors, related to a "highly serious vulnerability." NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-0720.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — https://mail.zope.org/pipermail/zope-announce/2011-June/002260.html

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — https://bugzilla.redhat.com/show_bug.cgi?id=718824

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://www.openwall.com/lists/oss-security/2011/07/12/9

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://www.openwall.com/lists/oss-security/2011/07/04/6

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://secunia.com/advisories/45111

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://secunia.com/advisories/45056

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://plone.org/products/plone/security/advisories/20110622

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://plone.org/products/plone-hotfix/releases/20110622

Package impact

Ecosystem	Package	Vulnerable	Fixed
PyPI	plone	`>=3.3.2,<3.3.6`	`3.3.6`
PyPI	zope2	`>=2.12.0,<2.12.19`	`2.12.19`
PyPI	zope2	`>=2.13.0,<2.13.8`	`2.13.8`
PyPI	plone	`<=2.13.7`

Application impact

Vendor	Product	Versions
plone	plone	`4.0.8`
plone	plone_hotfix_20110720
plone	plone	`3.0`
plone	plone	`3.0.1`
plone	plone	`3.0.2`
plone	plone	`3.0.3`
plone	plone	`3.0.4`
plone	plone	`3.0.5`
plone	plone	`3.0.6`
plone	plone	`3.1`
plone	plone	`3.1.1`
plone	plone	`3.1.2`
plone	plone	`3.1.3`
plone	plone	`3.1.4`
plone	plone	`3.1.5.1`
plone	plone	`3.1.6`
plone	plone	`3.1.7`
plone	plone	`3.2`
plone	plone	`3.2.1`
plone	plone	`3.2.2`
plone	plone	`3.2.3`
plone	plone	`3.3`
plone	plone	`3.3.1`
plone	plone	`3.3.2`
plone	plone	`3.3.3`
plone	plone	`3.3.4`
plone	plone	`3.3.5`
plone	plone	`3.3.6`
plone	plone	`4.0`
plone	plone	`4.0.1`
plone	plone	`4.0.2`
plone	plone	`4.0.3`
plone	plone	`4.0.4`
plone	plone	`4.0.5`
plone	plone	`4.0.6.1`
plone	plone	`4.0.7`
plone	plone	`4.1`
zope	zope	`2.12.0`
zope	zope	`2.12.1`
zope	zope	`2.12.2`
zope	zope	`2.12.3`
zope	zope	`2.12.4`
zope	zope	`2.12.5`
zope	zope	`2.12.6`
zope	zope	`2.12.7`
zope	zope	`2.12.8`
zope	zope	`2.12.9`
zope	zope	`2.12.10`
zope	zope	`2.12.11`
zope	zope	`2.12.12`
zope	zope	`2.12.13`
zope	zope	`2.12.14`
zope	zope	`2.12.15`
zope	zope	`2.12.16`
zope	zope	`2.12.17`
zope	zope	`2.12.18`
zope	zope	`2.13.0`
zope	zope	`2.13.1`
zope	zope	`2.13.2`
zope	zope	`2.13.3`
zope	zope	`2.13.4`
zope	zope	`2.13.5`
zope	zope	`2.13.6`
zope	zope	`2.13.7`

References

Verify integrity in audit chain (admin only). AS-IS.