Vulnerability Details : CVE-2011-4030
The CMFEditions component 2.x in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2 does not prevent the KwAsAttributes classes from being publishable, which allows remote attackers to access sub-objects via unspecified vectors, a different vulnerability than CVE-2011-3587.
Exploit prediction scoring system (EPSS) score for CVE-2011-4030
Probability of exploitation activity in the next 30 days: 0.77%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 79 %
CVSS scores for CVE-2011-4030
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
9.3 | HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C | 8.6 | 10.0 | NIST |
CWE ids for CVE-2011-4030
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-4030
- http://pypi.python.org/pypi/Products.PloneHotfix20110928/1.0
  Products.PloneHotfix20110928 · PyPI (Patch)
- http://plone.org/products/plone-hotfix/releases/20110928/PloneHotfix20110928-1.0.zip
  Plone: Enterprise Level CMS - Free and OpenSource - Community Driven - Secure (Patch)
- http://www.securityfocus.com/bid/50287
  Plone CMFEditions Component (CVE-2011-4030) Remote Security Bypass Vulnerability
- http://plone.org/products/plone-hotfix/releases/20110928
  Plone: Enterprise Level CMS - Free and OpenSource - Community Driven - Secure (Patch)
Products affected by CVE-2011-4030
- cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.0.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.2:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.2a2:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.2a1:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:plone:cmfeditions:2.0b6:*:*:*:*:*:*:*
- cpe:2.3:a:plone:cmfeditions:2.0b7:*:*:*:*:*:*:*
- cpe:2.3:a:plone:cmfeditions:2.0b8:*:*:*:*:*:*:*
- cpe:2.3:a:plone:cmfeditions:2.0a1:*:*:*:*:*:*:*
- cpe:2.3:a:plone:cmfeditions:2.0b1:*:*:*:*:*:*:*
- cpe:2.3:a:plone:cmfeditions:2.0b9:*:*:*:*:*:*:*
- cpe:2.3:a:plone:cmfeditions:2.0b4:*:*:*:*:*:*:*
- cpe:2.3:a:plone:cmfeditions:2.0b5:*:*:*:*:*:*:*
- cpe:2.3:a:plone:cmfeditions:2.0b2:*:*:*:*:*:*:*
- cpe:2.3:a:plone:cmfeditions:2.0b3:*:*:*:*:*:*:*