Vulnerability Details : CVE-2011-1950
plone.app.users in Plone 4.0 and 4.1 allows remote authenticated users to modify the properties of arbitrary accounts via unspecified vectors, as exploited in the wild in June 2011.
Products affected by CVE-2011-1950
- cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2011-1950
- 0.86%: Probability of exploitation activity in the next 30 days
- ~74%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2011-1950
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.5 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:P/A:P | 8.0 | 4.9 | NIST | |
CWE ids for CVE-2011-1950
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-1950
- http://www.securityfocus.com/archive/1/518155/100/0/threaded (SecurityFocus)
- http://plone.org/products/plone/security/advisories/CVE-2011-1950 (Plone: Enterprise Level CMS - Free and OpenSource - Community Driven - Secure; tags: Patch, Vendor Advisory)
- http://securityreason.com/securityalert/8269 (Plone XSS and permission errors - CXSecurity.com)
- http://secunia.com/advisories/44775 (tags: Vendor Advisory)
- http://osvdb.org/72729
- http://www.securityfocus.com/bid/48005 (Plone Multiple Security Vulnerabilities)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/67695 (Plone data security bypass CVE-2011-1950 Vulnerability Report)