Byte Open Security

(ByteOS Network)

Vulnerability Details :

CVE-2011-2528

Summary
Assigner: redhat
Assigner Org ID: 53f830b8-0a3f-465b-8143-3b8a9948e749
Published At: 19 Jul, 2011 | 20:00
Updated At: 06 Aug, 2024 | 23:08
Rejected At:

Unspecified vulnerability in (1) Zope 2.12.x before 2.12.19 and 2.13.x before 2.13.8, as used in Plone 4.x and other products, and (2) PloneHotfix20110720 for Plone 3.x allows attackers to gain privileges via unspecified vectors, related to a "highly serious vulnerability." NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-0720.

▼Common Vulnerabilities and Exposures (CVE)
cve.org
▼CVE Numbering Authority (CNA)

Affected Products
Vendor: n/a
Product: n/a
Versions Affected: n/a
Problem Types
Type: text
CWE ID: N/A
Description: n/a
References
Hyperlink: http://secunia.com/advisories/45056
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://plone.org/products/plone/security/advisories/20110622
Resource:
x_refsource_CONFIRM
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=718824
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.openwall.com/lists/oss-security/2011/07/12/9
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://mail.zope.org/pipermail/zope-announce/2011-June/002260.html
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: http://plone.org/products/plone-hotfix/releases/20110622
Resource:
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/45111
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.openwall.com/lists/oss-security/2011/07/04/6
Resource:
mailing-list
x_refsource_MLIST
▼Authorized Data Publishers (ADP)
CVE Program Container
References
Hyperlink: http://secunia.com/advisories/45056
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://plone.org/products/plone/security/advisories/20110622
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=718824
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.openwall.com/lists/oss-security/2011/07/12/9
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://mail.zope.org/pipermail/zope-announce/2011-June/002260.html
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://plone.org/products/plone-hotfix/releases/20110622
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/45111
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.openwall.com/lists/oss-security/2011/07/04/6
Resource:
mailing-list
x_refsource_MLIST
x_transferred
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source: secalert@redhat.com
Published At: 19 Jul, 2011 | 20:55
Updated At: 11 Apr, 2025 | 00:51

CISA Catalog
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
Type: Primary
Version: 2.0
Base score: 7.5
Base severity: HIGH
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
CPE Matches

Weaknesses
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
References
Hyperlink: http://plone.org/products/plone-hotfix/releases/20110622
Source: secalert@redhat.com
Resource:
Patch
Vendor Advisory
Hyperlink: http://plone.org/products/plone/security/advisories/20110622
Source: secalert@redhat.com
Resource:
Patch
Vendor Advisory
Hyperlink: http://secunia.com/advisories/45056
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/45111
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://www.openwall.com/lists/oss-security/2011/07/04/6
Source: secalert@redhat.com
Resource:
Patch
Hyperlink: http://www.openwall.com/lists/oss-security/2011/07/12/9
Source: secalert@redhat.com
Resource:
Patch
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=718824
Source: secalert@redhat.com
Resource:
Patch
Hyperlink: https://mail.zope.org/pipermail/zope-announce/2011-June/002260.html
Source: secalert@redhat.com
Resource:
Patch
Hyperlink: http://plone.org/products/plone-hotfix/releases/20110622
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory
Hyperlink: http://plone.org/products/plone/security/advisories/20110622
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory
Hyperlink: http://secunia.com/advisories/45056
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/45111
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.openwall.com/lists/oss-security/2011/07/04/6
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: http://www.openwall.com/lists/oss-security/2011/07/12/9
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=718824
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: https://mail.zope.org/pipermail/zope-announce/2011-June/002260.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch


Similar CVEs

14 Records found

CVE-2002-0688
Matching Score: 8
Assigner: MITRE Corporation
CVSS Score: 7.5 (HIGH)
EPSS: 0.60% / 68.52%
7 Day CHG: ~0.00%
Published: 02 Apr, 2003 | 05:00
Updated: 03 Apr, 2025 | 01:03
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

ZCatalog plug-in index support capability for Zope 2.4.0 through 2.5.1 allows anonymous users and untrusted code to bypass access restrictions and call arbitrary methods of catalog indexes.

Action: Not Available
Vendor: zope, n/a
Product: zope, n/a
CVE-2002-0170
Matching Score: 8
Assigner: MITRE Corporation
CVSS Score: 7.5 (HIGH)
EPSS: 0.74% / 72.03%
7 Day CHG: ~0.00%
Published: 02 Apr, 2003 | 05:00
Updated: 03 Apr, 2025 | 01:03
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

Zope 2.2.0 through 2.5.1 does not properly verify the access for objects with proxy roles, which could allow some users to access documents in violation of the intended configuration.

Action: Not Available
Vendor: zope, n/a
Product: zope, n/a
CVE-2016-4041
Matching Score: 8
Assigner: MITRE Corporation
CVSS Score: 7.3 (HIGH)
EPSS: 0.43% / 61.62%
7 Day CHG: ~0.00%
Published: 24 Feb, 2017 | 20:00
Updated: 20 Apr, 2025 | 01:37
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

Plone 4.0 through 5.1a1 does not have security declarations for Dexterity content-related WebDAV requests, which allows remote attackers to gain webdav access via unspecified vectors.

Action: Not Available
Vendor: n/a, Plone Foundation
Product: plone, n/a
CVE-2000-0483
Matching Score: 8
Assigner: MITRE Corporation
CVSS Score: 7.5 (HIGH)
EPSS: 1.47% / 80.14%
7 Day CHG: ~0.00%
Published: 13 Oct, 2000 | 04:00
Updated: 03 Apr, 2025 | 01:03
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

The DocumentTemplate package in Zope 2.2 and earlier allows a remote attacker to modify DTMLDocuments or DTMLMethods without authorization.

Action: Not Available
Vendor: zope, n/a, Red Hat, Inc.
Product: linux_powertools, zope, n/a
CVE-2011-0720
Matching Score: 8
Assigner: MITRE Corporation
CVSS Score: 7.5 (HIGH)
EPSS: 1.41% / 79.69%
7 Day CHG: ~0.00%
Published: 03 Feb, 2011 | 16:00
Updated: 11 Apr, 2025 | 00:51
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

Unspecified vulnerability in Plone 2.5 through 4.0, as used in Conga, luci, and possibly other products, allows remote attackers to obtain administrative access, read or create arbitrary content, and change the site skin via unknown vectors.

Action: Not Available
Vendor: n/a, Red Hat, Inc., Plone Foundation
Product: luci, plone, conga, n/a
CVE-2009-0669
Matching Score: 8
Assigner: MITRE Corporation
CVSS Score: 7.5 (HIGH)
EPSS: 0.55% / 66.94%
7 Day CHG: ~0.00%
Published: 07 Aug, 2009 | 19:00
Updated: 07 Aug, 2024 | 04:40
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

Zope Object Database (ZODB) before 3.8.2, when certain Zope Enterprise Objects (ZEO) database sharing is enabled, allows remote attackers to bypass authentication via vectors involving the ZEO network protocol.

Action: Not Available
Vendor: zope, n/a
Product: zodb, n/a
CWE ID: CWE-287 (Improper Authentication)
CVE-2001-1278
Matching Score: 8
Assigner: MITRE Corporation
CVSS Score: 7.5 (HIGH)
EPSS: 0.41% / 60.43%
7 Day CHG: ~0.00%
Published: 03 May, 2002 | 04:00
Updated: 03 Apr, 2025 | 01:03
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

Zope before 2.2.4 allows partially trusted users to bypass security controls for certain methods by accessing the methods through the fmt attribute of dtml-var tags.

Action: Not Available
Vendor: zope, n/a
Product: zope, n/a
CVE-2000-1211
Matching Score: 8
Assigner: MITRE Corporation
CVSS Score: 7.5 (HIGH)
EPSS: 0.60% / 68.52%
7 Day CHG: ~0.00%
Published: 02 Apr, 2003 | 05:00
Updated: 03 Apr, 2025 | 01:03
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

Zope 2.2.0 through 2.2.4 does not properly perform security registration for legacy names of object constructors such as DTML method objects, which could allow attackers to perform unauthorized activities.

Action: Not Available
Vendor: zope, n/a
Product: zope, n/a
CVE-2008-1394
Matching Score: 8
Assigner: MITRE Corporation
CVSS Score: 7.5 (HIGH)
EPSS: 0.68% / 70.51%
7 Day CHG: ~0.00%
Published: 20 Mar, 2008 | 00:00
Updated: 07 Aug, 2024 | 08:17
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

Plone CMS before 3 places a base64 encoded form of the username and password in the __ac cookie for all user accounts, which makes it easier for remote attackers to obtain access by sniffing the network.

Action: Not Available
Vendor: n/a, Plone Foundation
Product: plone_cms, n/a
CWE ID: CWE-255 (Not Available)
CVE-2008-1395
Matching Score: 8
Assigner: MITRE Corporation
CVSS Score: 7.5 (HIGH)
EPSS: 0.30% / 52.82%
7 Day CHG: ~0.00%
Published: 20 Mar, 2008 | 00:00
Updated: 07 Aug, 2024 | 08:17
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

Plone CMS does not record users' authentication states, and implements the logout feature solely on the client side, which makes it easier for context-dependent attackers to reuse a logged-out session.

Action: Not Available
Vendor: n/a, Plone Foundation
Product: plone_cms, n/a
CWE ID: CWE-287 (Improper Authentication)
CVE-2007-5741
Matching Score: 8
Assigner: MITRE Corporation
CVSS Score: 7.5 (HIGH)
EPSS: 3.39% / 86.91%
7 Day CHG: ~0.00%
Published: 07 Nov, 2007 | 21:00
Updated: 07 Aug, 2024 | 15:39
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

Plone 2.5 through 2.5.4 and 3.0 through 3.0.2 allows remote attackers to execute arbitrary Python code via network data containing pickled objects for the (1) statusmessages or (2) linkintegrity module, which the module unpickles and executes.

Action: Not Available
Vendor: n/a, Plone Foundation
Product: plone, n/a
CWE ID: CWE-94 (Improper Control of Generation of Code ('Code Injection'))
CVE-2005-3323
Matching Score: 8
Assigner: MITRE Corporation
CVSS Score: 7.5 (HIGH)
EPSS: 2.30% / 84.08%
7 Day CHG: ~0.00%
Published: 27 Oct, 2005 | 04:00
Updated: 03 Apr, 2025 | 01:03
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

docutils in Zope 2.6, 2.7 before 2.7.8, and 2.8 before 2.8.2 allows remote attackers to include arbitrary files via include directives in RestructuredText functionality.

Action: Not Available
Vendor: zope, n/a, Debian GNU/Linux
Product: zope, debian_linux, n/a
CVE-2001-1227
Matching Score: 8
Assigner: MITRE Corporation
CVSS Score: 7.5 (HIGH)
EPSS: 0.70% / 71.08%
7 Day CHG: ~0.00%
Published: 25 Jun, 2002 | 04:00
Updated: 03 Apr, 2025 | 01:03
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

Zope before 2.2.4 allows partially trusted users to bypass security controls for certain methods by accessing the methods through the fmt attribute of dtml-var tags.

Action: Not Available
Vendor: zope, n/a
Product: zope, n/a
CVE-2020-7941
Matching Score: 8
Assigner: MITRE Corporation
CVSS Score: 9.8 (CRITICAL)
EPSS: 0.62% / 69.05%
7 Day CHG: ~0.00%
Published: 23 Jan, 2020 | 20:38
Updated: 04 Aug, 2024 | 09:48
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

A privilege escalation issue in plone.app.contenttypes in Plone 4.3 through 5.2.1 allows users to PUT (overwrite) some content without needing write permission.

Action: Not Available
Vendor: n/a, Plone Foundation
Product: plone, n/a