{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-09-28T00:00:00", "descriptions": [{"lang": "en", "value": "The CMFEditions component 2.x in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2 does not prevent the KwAsAttributes classes from being publishable, which allows remote attackers to access sub-objects via unspecified vectors, a different vulnerability than CVE-2011-3587."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2011-10-19T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://pypi.python.org/pypi/Products.PloneHotfix20110928/1.0"}, {"name": "46323", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/46323"}, {"name": "50287", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/50287"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://plone.org/products/plone-hotfix/releases/20110928"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://plone.org/products/plone-hotfix/releases/20110928/PloneHotfix20110928-1.0.zip"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-4030", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The CMFEditions component 2.x in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2 does not prevent the KwAsAttributes classes from being publishable, which allows remote attackers to access sub-objects via unspecified vectors, a different vulnerability than CVE-2011-3587."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://pypi.python.org/pypi/Products.PloneHotfix20110928/1.0", "refsource": "CONFIRM", "url": "http://pypi.python.org/pypi/Products.PloneHotfix20110928/1.0"}, {"name": "46323", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/46323"}, {"name": "50287", "refsource": "BID", "url": "http://www.securityfocus.com/bid/50287"}, {"name": "http://plone.org/products/plone-hotfix/releases/20110928", "refsource": "CONFIRM", "url": "http://plone.org/products/plone-hotfix/releases/20110928"}, {"name": "http://plone.org/products/plone-hotfix/releases/20110928/PloneHotfix20110928-1.0.zip", "refsource": "CONFIRM", "url": "http://plone.org/products/plone-hotfix/releases/20110928/PloneHotfix20110928-1.0.zip"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T23:53:32.626Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://pypi.python.org/pypi/Products.PloneHotfix20110928/1.0"}, {"name": "46323", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/46323"}, {"name": "50287", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/50287"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://plone.org/products/plone-hotfix/releases/20110928"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://plone.org/products/plone-hotfix/releases/20110928/PloneHotfix20110928-1.0.zip"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-4030", "datePublished": "2011-10-10T10:00:00", "dateReserved": "2011-10-09T00:00:00", "dateUpdated": "2024-08-06T23:53:32.626Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:plone:cmfeditions:2.0a1:*:*:*:*:*:*:*", "matchCriteriaId": "1E94E45E-ADAC-4CD6-B7E9-3F7C4C501BEE", "vulnerable": true}, {"criteria": "cpe:2.3:a:plone:cmfeditions:2.0b1:*:*:*:*:*:*:*", "matchCriteriaId": "AC31071B-BD99-490F-8B86-5441949AF65D", "vulnerable": true}, {"criteria": "cpe:2.3:a:plone:cmfeditions:2.0b2:*:*:*:*:*:*:*", "matchCriteriaId": "07243926-511B-4464-96BA-B5FF2829FB2C", "vulnerable": true}, {"criteria": "cpe:2.3:a:plone:cmfeditions:2.0b3:*:*:*:*:*:*:*", "matchCriteriaId": "BBB08BCC-175E-4D97-B0E7-C5BA415DA45E", "vulnerable": true}, {"criteria": "cpe:2.3:a:plone:cmfeditions:2.0b4:*:*:*:*:*:*:*", "matchCriteriaId": "DAA5BDE2-D9A7-4088-B32A-C10DFC931792", "vulnerable": true}, {"criteria": "cpe:2.3:a:plone:cmfeditions:2.0b5:*:*:*:*:*:*:*", "matchCriteriaId": "19166094-7736-4B98-A5E6-AD173ED4BC68", "vulnerable": true}, {"criteria": "cpe:2.3:a:plone:cmfeditions:2.0b6:*:*:*:*:*:*:*", "matchCriteriaId": "00E46DF5-093B-4194-90DE-EC156D9E308D", "vulnerable": true}, {"criteria": "cpe:2.3:a:plone:cmfeditions:2.0b7:*:*:*:*:*:*:*", "matchCriteriaId": "4CF4166A-265D-4DB7-B629-C2C729EA8BAD", "vulnerable": true}, {"criteria": "cpe:2.3:a:plone:cmfeditions:2.0b8:*:*:*:*:*:*:*", "matchCriteriaId": "6582FFEB-3F3A-4F4A-83A5-56DB5F66C1E1", "vulnerable": true}, {"criteria": "cpe:2.3:a:plone:cmfeditions:2.0b9:*:*:*:*:*:*:*", "matchCriteriaId": "B05ADE03-C904-4923-8931-28B154A3D01A", "vulnerable": true}, {"criteria": "cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F3306D84-0F5B-46BA-9BCC-DCD0A1CDD604", "vulnerable": true}, {"criteria": "cpe:2.3:a:plone:plone:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E08F4534-A588-463F-A745-39E559AB1CB8", "vulnerable": true}, {"criteria": "cpe:2.3:a:plone:plone:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "B64341BA-5722-415E-9771-9837168AB7C0", "vulnerable": true}, {"criteria": "cpe:2.3:a:plone:plone:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E2929227-AE19-428D-9AC3-D312A559039B", "vulnerable": true}, {"criteria": "cpe:2.3:a:plone:plone:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "3B6DC866-0FEE-475B-855C-A69E004810CD", "vulnerable": true}, {"criteria": "cpe:2.3:a:plone:plone:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "50BF3E8E-152C-4E89-BAA2-A952D10F4611", "vulnerable": true}, {"criteria": "cpe:2.3:a:plone:plone:4.0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "49DB97A7-89DD-43C0-A490-84AA7069764B", "vulnerable": true}, {"criteria": "cpe:2.3:a:plone:plone:4.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "F1F88BF6-9058-4CB8-A2D6-5653860CF489", "vulnerable": true}, {"criteria": "cpe:2.3:a:plone:plone:4.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "B2AA3FA2-15C3-444A-8810-5EF3E0E84D58", "vulnerable": true}, {"criteria": "cpe:2.3:a:plone:plone:4.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "72F3B15A-CD0F-4CC5-A76F-E62637B30E2E", "vulnerable": true}, {"criteria": "cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C44B53B-953B-4522-A5B4-11573850D2CD", "vulnerable": true}, {"criteria": "cpe:2.3:a:plone:plone:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "1F1818BB-E23A-4136-898D-1D0C80C08728", "vulnerable": true}, {"criteria": "cpe:2.3:a:plone:plone:4.2a1:*:*:*:*:*:*:*", "matchCriteriaId": "3CA5A1E3-EC1E-482D-B074-1304FBF963F2", "vulnerable": true}, {"criteria": "cpe:2.3:a:plone:plone:4.2a2:*:*:*:*:*:*:*", "matchCriteriaId": "1DE6064F-67CC-4DA5-A4A8-D9E1F701B1A5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The CMFEditions component 2.x in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2 does not prevent the KwAsAttributes classes from being publishable, which allows remote attackers to access sub-objects via unspecified vectors, a different vulnerability than CVE-2011-3587."}, {"lang": "es", "value": "El componente CMFEditions v2.x en Plone v4.0.x hasta v4.0.9, v4.1, y v4.2 hasta v4.2a2 no previene clases KwAsAttributes publicables, lo que permite a atacantes remotos acceder a sub-objetos a trav\u00e9s de vectores no especificados, una vulnerabilidad diferente que CVE-2011-3587."}], "id": "CVE-2011-4030", "lastModified": "2011-10-30T03:39:15.793", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2011-10-10T10:55:06.957", "references": [{"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://plone.org/products/plone-hotfix/releases/20110928"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://plone.org/products/plone-hotfix/releases/20110928/PloneHotfix20110928-1.0.zip"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://pypi.python.org/pypi/Products.PloneHotfix20110928/1.0"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/46323"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/50287"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "plone: Sub-objects access via unspecified vectors", "id": "744804", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=744804"}, "csaw": false, "cvss": {"cvss_base_score": "4.3", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "status": "draft"}, "details": ["The CMFEditions component 2.x in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2 does not prevent the KwAsAttributes classes from being publishable, which allows remote attackers to access sub-objects via unspecified vectors, a different vulnerability than CVE-2011-3587."], "name": "CVE-2011-4030", "package_state": [{"cpe": "cpe:/a:redhat:rhel_cluster:4", "fix_state": "Not affected", "package_name": "conga", "product_name": "Red Hat Cluster Suite 4AS"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "conga", "product_name": "Red Hat Enterprise Linux 5"}], "public_date": "2011-10-04T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2011-4030\nhttps://nvd.nist.gov/vuln/detail/CVE-2011-4030"], "statement": "Not vulnerable. This issue did not affect the versions of conga as shipped with Red Hat Cluster Suite for Red Hat Enterprise Linux 4 and as shipped with Red Hat Enterprise Linux 5 as they did not include support for CMFEditions.", "threat_severity": "Low"}