FKIE_CVE-2011-4030

Vulnerability from fkie_nvd - Published: 2011-10-10 10:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
The CMFEditions component 2.x in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2 does not prevent the KwAsAttributes classes from being publishable, which allows remote attackers to access sub-objects via unspecified vectors, a different vulnerability than CVE-2011-3587.
References
cve@mitre.orghttp://plone.org/products/plone-hotfix/releases/20110928Patch
cve@mitre.orghttp://plone.org/products/plone-hotfix/releases/20110928/PloneHotfix20110928-1.0.zipPatch
cve@mitre.orghttp://pypi.python.org/pypi/Products.PloneHotfix20110928/1.0Patch
cve@mitre.orghttp://secunia.com/advisories/46323
cve@mitre.orghttp://www.securityfocus.com/bid/50287
af854a3a-2127-422b-91ae-364da2661108http://plone.org/products/plone-hotfix/releases/20110928Patch
af854a3a-2127-422b-91ae-364da2661108http://plone.org/products/plone-hotfix/releases/20110928/PloneHotfix20110928-1.0.zipPatch
af854a3a-2127-422b-91ae-364da2661108http://pypi.python.org/pypi/Products.PloneHotfix20110928/1.0Patch
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/46323
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/50287
Impacted products
Vendor Product Version
plone cmfeditions 2.0a1
plone cmfeditions 2.0b1
plone cmfeditions 2.0b2
plone cmfeditions 2.0b3
plone cmfeditions 2.0b4
plone cmfeditions 2.0b5
plone cmfeditions 2.0b6
plone cmfeditions 2.0b7
plone cmfeditions 2.0b8
plone cmfeditions 2.0b9
plone plone 4.0
plone plone 4.0.1
plone plone 4.0.2
plone plone 4.0.3
plone plone 4.0.4
plone plone 4.0.5
plone plone 4.0.6.1
plone plone 4.0.7
plone plone 4.0.8
plone plone 4.0.9
plone plone 4.1
plone plone 4.2
plone plone 4.2a1
plone plone 4.2a2
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:plone:cmfeditions:2.0a1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E94E45E-ADAC-4CD6-B7E9-3F7C4C501BEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:cmfeditions:2.0b1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC31071B-BD99-490F-8B86-5441949AF65D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:cmfeditions:2.0b2:*:*:*:*:*:*:*",
              "matchCriteriaId": "07243926-511B-4464-96BA-B5FF2829FB2C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:cmfeditions:2.0b3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBB08BCC-175E-4D97-B0E7-C5BA415DA45E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:cmfeditions:2.0b4:*:*:*:*:*:*:*",
              "matchCriteriaId": "DAA5BDE2-D9A7-4088-B32A-C10DFC931792",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:cmfeditions:2.0b5:*:*:*:*:*:*:*",
              "matchCriteriaId": "19166094-7736-4B98-A5E6-AD173ED4BC68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:cmfeditions:2.0b6:*:*:*:*:*:*:*",
              "matchCriteriaId": "00E46DF5-093B-4194-90DE-EC156D9E308D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:cmfeditions:2.0b7:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CF4166A-265D-4DB7-B629-C2C729EA8BAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:cmfeditions:2.0b8:*:*:*:*:*:*:*",
              "matchCriteriaId": "6582FFEB-3F3A-4F4A-83A5-56DB5F66C1E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:cmfeditions:2.0b9:*:*:*:*:*:*:*",
              "matchCriteriaId": "B05ADE03-C904-4923-8931-28B154A3D01A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3306D84-0F5B-46BA-9BCC-DCD0A1CDD604",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E08F4534-A588-463F-A745-39E559AB1CB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B64341BA-5722-415E-9771-9837168AB7C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2929227-AE19-428D-9AC3-D312A559039B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B6DC866-0FEE-475B-855C-A69E004810CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "50BF3E8E-152C-4E89-BAA2-A952D10F4611",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "49DB97A7-89DD-43C0-A490-84AA7069764B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1F88BF6-9058-4CB8-A2D6-5653860CF489",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2AA3FA2-15C3-444A-8810-5EF3E0E84D58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "72F3B15A-CD0F-4CC5-A76F-E62637B30E2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C44B53B-953B-4522-A5B4-11573850D2CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F1818BB-E23A-4136-898D-1D0C80C08728",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.2a1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CA5A1E3-EC1E-482D-B074-1304FBF963F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.2a2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1DE6064F-67CC-4DA5-A4A8-D9E1F701B1A5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The CMFEditions component 2.x in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2 does not prevent the KwAsAttributes classes from being publishable, which allows remote attackers to access sub-objects via unspecified vectors, a different vulnerability than CVE-2011-3587."
    },
    {
      "lang": "es",
      "value": "El componente CMFEditions v2.x en Plone v4.0.x hasta v4.0.9, v4.1, y v4.2 hasta v4.2a2 no previene clases KwAsAttributes publicables, lo que permite a atacantes remotos acceder a sub-objetos a trav\u00e9s de vectores no especificados, una vulnerabilidad diferente que CVE-2011-3587."
    }
  ],
  "id": "CVE-2011-4030",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2011-10-10T10:55:06.957",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://plone.org/products/plone-hotfix/releases/20110928"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://plone.org/products/plone-hotfix/releases/20110928/PloneHotfix20110928-1.0.zip"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://pypi.python.org/pypi/Products.PloneHotfix20110928/1.0"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/46323"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/50287"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://plone.org/products/plone-hotfix/releases/20110928"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://plone.org/products/plone-hotfix/releases/20110928/PloneHotfix20110928-1.0.zip"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://pypi.python.org/pypi/Products.PloneHotfix20110928/1.0"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/46323"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/50287"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.