Vulnerability CVE-2011-0720


Published: 2011-02-03   Modified: 2012-02-13

Description:
Unspecified vulnerability in Plone 2.5 through 4.0, as used in Conga, luci, and possibly other products, allows remote attackers to obtain administrative access, read or create arbitrary content, and change the site skin via unknown vectors.

Type:

CWE-noinfo

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Redhat -> Conga 
Redhat -> LUCI 
Plone -> Plone 

 References:
http://xforce.iss.net/xforce/xfdb/65099
http://www.vupen.com/english/advisories/2011/0796
http://www.securitytracker.com/id?1025258
http://www.securityfocus.com/bid/46102
http://www.redhat.com/support/errata/RHSA-2011-0394.html
http://www.redhat.com/support/errata/RHSA-2011-0393.html
http://secunia.com/advisories/43914
http://secunia.com/advisories/43146
http://plone.org/products/plone/security/advisories/cve-2011-0720
http://osvdb.org/70753

Copyright 2020, cxsecurity.com

 

Back to Top