CVE-2011-0720

Unspecified vulnerability in Plone 2.5 through 4.0, as used in Conga, luci, and possibly other products, allows remote attackers to obtain administrative access, read or create arbitrary content, and change the site skin via unknown vectors.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://osvdb.org/70753
http://plone.org/products/plone/security/advisories/cve-2011-0720	Vendor Advisory
http://secunia.com/advisories/43146	Vendor Advisory
http://secunia.com/advisories/43914	Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2011-0393.html
http://www.redhat.com/support/errata/RHSA-2011-0394.html
http://www.securityfocus.com/bid/46102
http://www.securitytracker.com/id?1025258
http://www.vupen.com/english/advisories/2011/0796	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/65099
http://osvdb.org/70753
http://plone.org/products/plone/security/advisories/cve-2011-0720	Vendor Advisory
http://secunia.com/advisories/43146	Vendor Advisory
http://secunia.com/advisories/43914	Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2011-0393.html
http://www.redhat.com/support/errata/RHSA-2011-0394.html
http://www.securityfocus.com/bid/46102
http://www.securitytracker.com/id?1025258
http://www.vupen.com/english/advisories/2011/0796	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/65099

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:plone:plone:2.5:::::::*
	cpe:2.3:a:plone:plone:2.5.1:::::::*
	cpe:2.3:a:plone:plone:2.5.2:::::::*
	cpe:2.3:a:plone:plone:2.5.3:::::::*
	cpe:2.3:a:plone:plone:2.5.4:::::::*
	cpe:2.3:a:plone:plone:2.5.5:::::::*
	cpe:2.3:a:plone:plone:3.0:::::::*
	cpe:2.3:a:plone:plone:3.0.1:::::::*
	cpe:2.3:a:plone:plone:3.0.2:::::::*
	cpe:2.3:a:plone:plone:3.0.3:::::::*
	cpe:2.3:a:plone:plone:3.0.4:::::::*
	cpe:2.3:a:plone:plone:3.0.5:::::::*
	cpe:2.3:a:plone:plone:3.0.6:::::::*
	cpe:2.3:a:plone:plone:3.1:::::::*
	cpe:2.3:a:plone:plone:3.1.1:::::::*
	cpe:2.3:a:plone:plone:3.1.2:::::::*
	cpe:2.3:a:plone:plone:3.1.3:::::::*
	cpe:2.3:a:plone:plone:3.1.4:::::::*
	cpe:2.3:a:plone:plone:3.1.5.1:::::::*
	cpe:2.3:a:plone:plone:3.1.6:::::::*
	cpe:2.3:a:plone:plone:3.1.7:::::::*
	cpe:2.3:a:plone:plone:3.2:::::::*
	cpe:2.3:a:plone:plone:3.2.1:::::::*
	cpe:2.3:a:plone:plone:3.2.2:::::::*
	cpe:2.3:a:plone:plone:3.2.3:::::::*
	cpe:2.3:a:plone:plone:3.3:::::::*
	cpe:2.3:a:plone:plone:3.3.1:::::::*
	cpe:2.3:a:plone:plone:3.3.2:::::::*
	cpe:2.3:a:plone:plone:3.3.3:::::::*
	cpe:2.3:a:plone:plone:3.3.4:::::::*
	cpe:2.3:a:plone:plone:3.3.5:::::::*
	cpe:2.3:a:plone:plone:4.0:::::::*

OR	cpe:2.3:a:redhat:conga::::::::
	cpe:2.3:a:redhat:luci::::::::

History

21 Nov 2024, 01:24

Type	Values Removed	Values Added
References	~~() http://osvdb.org/70753 -~~	() http://osvdb.org/70753 -
References	~~() http://plone.org/products/plone/security/advisories/cve-2011-0720 - Vendor Advisory~~	() http://plone.org/products/plone/security/advisories/cve-2011-0720 - Vendor Advisory
References	~~() http://secunia.com/advisories/43146 - Vendor Advisory~~	() http://secunia.com/advisories/43146 - Vendor Advisory
References	~~() http://secunia.com/advisories/43914 - Vendor Advisory~~	() http://secunia.com/advisories/43914 - Vendor Advisory
References	~~() http://www.redhat.com/support/errata/RHSA-2011-0393.html -~~	() http://www.redhat.com/support/errata/RHSA-2011-0393.html -
References	~~() http://www.redhat.com/support/errata/RHSA-2011-0394.html -~~	() http://www.redhat.com/support/errata/RHSA-2011-0394.html -
References	~~() http://www.securityfocus.com/bid/46102 -~~	() http://www.securityfocus.com/bid/46102 -
References	~~() http://www.securitytracker.com/id?1025258 -~~	() http://www.securitytracker.com/id?1025258 -
References	~~() http://www.vupen.com/english/advisories/2011/0796 - Vendor Advisory~~	() http://www.vupen.com/english/advisories/2011/0796 - Vendor Advisory
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/65099 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/65099 -

Information

Published : 2011-02-03 17:00

Updated : 2025-04-11 00:51

NVD link : CVE-2011-0720

Mitre link : CVE-2011-0720

CVE.ORG link : CVE-2011-0720

JSON object : View

Products Affected

plone

plone

redhat

luci
conga

CWE

NVD-CWE-noinfo

{"id": "CVE-2011-0720", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2011-02-03T17:00:03.773", "references": [{"url": "http://osvdb.org/70753", "source": "cve@mitre.org"}, {"url": "http://plone.org/products/plone/security/advisories/cve-2011-0720", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/43146", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/43914", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.redhat.com/support/errata/RHSA-2011-0393.html", "source": "cve@mitre.org"}, {"url": "http://www.redhat.com/support/errata/RHSA-2011-0394.html", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/46102", "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/id?1025258", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2011/0796", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65099", "source": "cve@mitre.org"}, {"url": "http://osvdb.org/70753", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://plone.org/products/plone/security/advisories/cve-2011-0720", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/43146", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/43914", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.redhat.com/support/errata/RHSA-2011-0393.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.redhat.com/support/errata/RHSA-2011-0394.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/46102", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id?1025258", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2011/0796", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65099", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in Plone 2.5 through 4.0, as used in Conga, luci, and possibly other products, allows remote attackers to obtain administrative access, read or create arbitrary content, and change the site skin via unknown vectors."}, {"lang": "es", "value": "Una vulnerabilidad no especificada en Plone versi\u00f3n 2.5 hasta 4.0, como se utiliza en Conga, luci, y posiblemente otros productos, permite a los atacantes remotos obtener acceso administrativo, leer o crear contenido arbitrario, y cambiar el aspecto del sitio por medio de vectores desconocidos."}], "lastModified": "2025-04-11T00:51:21.963", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:plone:plone:2.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9762C674-380B-4831-BBA1-3B27742121B0"}, {"criteria": "cpe:2.3:a:plone:plone:2.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3D938645-80CE-4287-830E-A3BD0C5C84FB"}, {"criteria": "cpe:2.3:a:plone:plone:2.5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BB0F7BFC-DC20-46B3-90E7-264E3A8A7886"}, {"criteria": "cpe:2.3:a:plone:plone:2.5.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F2C09C10-AEA0-41F4-B964-507B40580BE9"}, {"criteria": "cpe:2.3:a:plone:plone:2.5.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7B60568E-A688-46AF-B627-062A029A7324"}, {"criteria": "cpe:2.3:a:plone:plone:2.5.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8B635DAD-AC53-4484-8750-200B662DAFD1"}, {"criteria": "cpe:2.3:a:plone:plone:3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0B647E76-E8B8-4329-8848-3B90EB262807"}, {"criteria": "cpe:2.3:a:plone:plone:3.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0D0A6B8F-4018-44DC-9862-45309619DC6D"}, {"criteria": "cpe:2.3:a:plone:plone:3.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0F10374F-2BB3-48D2-B19F-9B2D038A8E35"}, {"criteria": "cpe:2.3:a:plone:plone:3.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FEAC4F93-D26C-48F3-A7FF-8DC008FC2671"}, {"criteria": "cpe:2.3:a:plone:plone:3.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "552661B7-093D-4B3C-8770-FCDE6032AA17"}, {"criteria": "cpe:2.3:a:plone:plone:3.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5180F9D2-E44B-455D-968C-792026AC832A"}, {"criteria": "cpe:2.3:a:plone:plone:3.0.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "636226E4-B880-41FE-A727-EF56CF8E6249"}, {"criteria": "cpe:2.3:a:plone:plone:3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BF6E934A-C344-4861-8CD4-D18D52672D5C"}, {"criteria": "cpe:2.3:a:plone:plone:3.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "25780BBE-8013-4100-9EA8-7EFC244399A0"}, {"criteria": "cpe:2.3:a:plone:plone:3.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A089ED64-07E6-4F4C-97AE-AF74269A4DB1"}, {"criteria": "cpe:2.3:a:plone:plone:3.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EF2334C9-9B34-4C7D-93A2-172E596E05C6"}, {"criteria": "cpe:2.3:a:plone:plone:3.1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "354046F4-FA55-4AFC-935A-C803D36CDE86"}, {"criteria": "cpe:2.3:a:plone:plone:3.1.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DF1496A7-6D0A-4970-B0BF-83758065BC6A"}, {"criteria": "cpe:2.3:a:plone:plone:3.1.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "47DEF57C-92F0-4999-AF8E-CEE27EE92CD6"}, {"criteria": "cpe:2.3:a:plone:plone:3.1.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4BED4241-D823-402A-A389-7E52C410E2F7"}, {"criteria": "cpe:2.3:a:plone:plone:3.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CE9A55E6-F265-4BB8-8683-3E0CFA01EC73"}, {"criteria": "cpe:2.3:a:plone:plone:3.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "970FD910-50A4-478A-ADE6-EB912C261DAD"}, {"criteria": "cpe:2.3:a:plone:plone:3.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0A490523-1063-44E4-A72A-C23070279181"}, {"criteria": "cpe:2.3:a:plone:plone:3.2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D8559F17-63D1-45DB-8A28-47F729DC6686"}, {"criteria": "cpe:2.3:a:plone:plone:3.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FDC93803-6506-4382-A013-18010EE7E06B"}, {"criteria": "cpe:2.3:a:plone:plone:3.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E65977FD-A880-4D16-B56B-94A72774F42D"}, {"criteria": "cpe:2.3:a:plone:plone:3.3.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4EA5B4F8-2155-403D-97D8-1272285D508B"}, {"criteria": "cpe:2.3:a:plone:plone:3.3.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A3CA2943-77E5-4384-A019-415BBCE62F94"}, {"criteria": "cpe:2.3:a:plone:plone:3.3.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B7FF63F6-F1DC-4A97-A2E6-11CF613A31E8"}, {"criteria": "cpe:2.3:a:plone:plone:3.3.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "538A3519-5B04-4FE5-A3C0-FD26EFA32705"}, {"criteria": "cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F3306D84-0F5B-46BA-9BCC-DCD0A1CDD604"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:conga:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AFDB782C-6A31-43A7-9A61-E94020AEE956"}, {"criteria": "cpe:2.3:a:redhat:luci:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "00AB76EC-83A6-405B-858F-CE4FF59AEAEA"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}

7.5 /10