CVE-2011-2528
HIGH severity · CVSS 7.5
Summary
Unspecified vulnerability in (1) Zope 2.12.x before 2.12.19 and 2.13.x before 2.13.8, as used in Plone 4.x and other products, and (2) PloneHotfix20110720 for Plone 3.x allows attackers to gain privileges via unspecified vectors, related to a "highly serious vulnerability." NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-0720.
Impact & exploitability
Attack vector: Network
Attack complexity: Low
Privileges required: —
User interaction: —
Confidentiality impact: —
Integrity impact: —
Availability impact: —
Exploit probability (EPSS): 2%
AV:N/AC:L/Au:N/C:P/I:P/A:P
Affected products we track (1)
Recommendation
Apply the vendor fix promptly. Open any affected product above for its exact safe version.
Official patch: http://plone.org/products/plone-hotfix/releases/20110622
Additional information
- NVD record
- http://plone.org/products/plone-hotfix/releases/20110622 (Patch)
- http://plone.org/products/plone/security/advisories/20110622 (Patch)
- http://www.openwall.com/lists/oss-security/2011/07/04/6 (Patch)
- http://www.openwall.com/lists/oss-security/2011/07/12/9 (Patch)
- https://bugzilla.redhat.com/show_bug.cgi?id=718824 (Patch)
- https://mail.zope.org/pipermail/zope-announce/2011-June/002260.html (Patch)
- http://secunia.com/advisories/45056 (Advisory)
- http://secunia.com/advisories/45111 (Advisory)