CVE-2011-1950 - OpenCVE

plone.app.users in Plone 4.0 and 4.1 allows remote authenticated users to modify the properties of arbitrary accounts via unspecified vectors, as exploited in the wild in June 2011.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:N/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Plone	Plone

Configuration 1 [-]

OR	cpe:2.3:a:plone:plone:4.0:::::::*
	cpe:2.3:a:plone:plone:4.1:::::::*

No data.

References

Link	Providers
http://osvdb.org/72729
http://plone.org/products/plone/security/advisories/CVE-2011-1950
http://secunia.com/advisories/44775
http://securityreason.com/securityalert/8269
http://www.securityfocus.com/archive/1/518155/100/0/threaded
http://www.securityfocus.com/bid/48005
https://exchange.xforce.ibmcloud.com/vulnerabilities/67695
https://nvd.nist.gov/vuln/detail/CVE-2011-1950
https://www.cve.org/CVERecord?id=CVE-2011-1950

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2011-06-06T19:00:00

Updated: 2024-08-06T22:46:00.933Z

Reserved: 2011-05-09T00:00:00

Link: CVE-2011-1950

Vulnrichment

No data.

NVD

Status : Modified

Published: 2011-06-06T19:55:02.190

Modified: 2018-10-09T19:32:13.713

Link: CVE-2011-1950

Redhat

Severity : Moderate

Publid Date: 2011-05-31T00:00:00Z

Links: CVE-2011-1950 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-05-26T00:00:00", "descriptions": [{"lang": "en", "value": "plone.app.users in Plone 4.0 and 4.1 allows remote authenticated users to modify the properties of arbitrary accounts via unspecified vectors, as exploited in the wild in June 2011."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-09T18:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "44775", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/44775"}, {"name": "48005", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/48005"}, {"name": "plone-data-security-bypass(67695)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67695"}, {"name": "72729", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/72729"}, {"name": "8269", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/8269"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://plone.org/products/plone/security/advisories/CVE-2011-1950"}, {"name": "20110526 [CVE-REQUEST] Plone XSS and permission errors", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/518155/100/0/threaded"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T22:46:00.933Z"}, "title": "CVE Program Container", "references": [{"name": "44775", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/44775"}, {"name": "48005", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/48005"}, {"name": "plone-data-security-bypass(67695)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67695"}, {"name": "72729", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/72729"}, {"name": "8269", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/8269"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://plone.org/products/plone/security/advisories/CVE-2011-1950"}, {"name": "20110526 [CVE-REQUEST] Plone XSS and permission errors", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/518155/100/0/threaded"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-1950", "datePublished": "2011-06-06T19:00:00", "dateReserved": "2011-05-09T00:00:00", "dateUpdated": "2024-08-06T22:46:00.933Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F3306D84-0F5B-46BA-9BCC-DCD0A1CDD604", "vulnerable": true}, {"criteria": "cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C44B53B-953B-4522-A5B4-11573850D2CD", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "plone.app.users in Plone 4.0 and 4.1 allows remote authenticated users to modify the properties of arbitrary accounts via unspecified vectors, as exploited in the wild in June 2011."}, {"lang": "es", "value": "plone.app.users en Plone v4.0 y v4.1 permite a usuarios remotos autenticados para modificar las propiedades de las cuentas de su elecci\u00f3n a trav\u00e9s de vectores no especificados, como se exploto en junio 2011."}], "id": "CVE-2011-1950", "lastModified": "2018-10-09T19:32:13.713", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 5.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2011-06-06T19:55:02.190", "references": [{"source": "secalert@redhat.com", "url": "http://osvdb.org/72729"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://plone.org/products/plone/security/advisories/CVE-2011-1950"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/44775"}, {"source": "secalert@redhat.com", "url": "http://securityreason.com/securityalert/8269"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/518155/100/0/threaded"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/48005"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67695"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}