Vulnerability Details : CVE-2011-4030
The CMFEditions component 2.x in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2 does not prevent the KwAsAttributes classes from being publishable, which allows remote attackers to access sub-objects via unspecified vectors, a different vulnerability than CVE-2011-3587.
Products affected by CVE-2011-4030
- cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.0.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.2:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.2a2:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.2a1:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:plone:cmfeditions:2.0b6:*:*:*:*:*:*:*
- cpe:2.3:a:plone:cmfeditions:2.0b7:*:*:*:*:*:*:*
- cpe:2.3:a:plone:cmfeditions:2.0b8:*:*:*:*:*:*:*
- cpe:2.3:a:plone:cmfeditions:2.0a1:*:*:*:*:*:*:*
- cpe:2.3:a:plone:cmfeditions:2.0b1:*:*:*:*:*:*:*
- cpe:2.3:a:plone:cmfeditions:2.0b9:*:*:*:*:*:*:*
- cpe:2.3:a:plone:cmfeditions:2.0b4:*:*:*:*:*:*:*
- cpe:2.3:a:plone:cmfeditions:2.0b5:*:*:*:*:*:*:*
- cpe:2.3:a:plone:cmfeditions:2.0b2:*:*:*:*:*:*:*
- cpe:2.3:a:plone:cmfeditions:2.0b3:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2011-4030
- EPSS score: 1.07% (probability of exploitation activity in the next 30 days)
- Percentile: ~ 76 % (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2011-4030
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.3 | HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C | 8.6 | 10.0 | NIST | |
CWE ids for CVE-2011-4030
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-4030
- http://secunia.com/advisories/46323
- http://pypi.python.org/pypi/Products.PloneHotfix20110928/1.0
  Products.PloneHotfix20110928 · PyPI (Patch)
- http://plone.org/products/plone-hotfix/releases/20110928/PloneHotfix20110928-1.0.zip
  Plone: Enterprise Level CMS - Free and OpenSource - Community Driven - Secure (Patch)
- http://www.securityfocus.com/bid/50287
  Plone CMFEditions Component (CVE-2011-4030) Remote Security Bypass Vulnerability
- http://plone.org/products/plone-hotfix/releases/20110928
  Plone: Enterprise Level CMS - Free and OpenSource - Community Driven - Secure (Patch)