CVE-2011-0720
plone: unauthorized remote administrative access
Severity Score
7.5
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Unspecified vulnerability in Plone 2.5 through 4.0, as used in Conga, luci, and possibly other products, allows remote attackers to obtain administrative access, read or create arbitrary content, and change the site skin via unknown vectors.
Una vulnerabilidad no especificada en Plone versiĆ³n 2.5 hasta 4.0, como se utiliza en Conga, luci, y posiblemente otros productos, permite a los atacantes remotos obtener acceso administrativo, leer o crear contenido arbitrario, y cambiar el aspecto del sitio por medio de vectores desconocidos.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2011-01-31 CVE Reserved
- 2011-02-03 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-284: Improper Access Control
CAPEC
References (12)
| URL | Tag | Source |
|---|---|---|
| http://osvdb.org/70753 | Vdb Entry | |
| http://www.securityfocus.com/bid/46102 | Vdb Entry | |
| http://www.securitytracker.com/id?1025258 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/65099 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://plone.org/products/plone/security/advisories/cve-2011-0720 | 2017-08-17 | |
| http://secunia.com/advisories/43146 | 2017-08-17 | |
| http://secunia.com/advisories/43914 | 2017-08-17 | |
| http://www.redhat.com/support/errata/RHSA-2011-0393.html | 2017-08-17 | |
| http://www.redhat.com/support/errata/RHSA-2011-0394.html | 2017-08-17 | |
| http://www.vupen.com/english/advisories/2011/0796 | 2017-08-17 | |
| https://access.redhat.com/security/cve/CVE-2011-0720 | 2011-03-28 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=676961 | 2011-03-28 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Plone Search vendor "Plone" | Plone Search vendor "Plone" for product "Plone" | 2.5 Search vendor "Plone" for product "Plone" and version "2.5" | - |
Affected
| in | Redhat Search vendor "Redhat" | Conga Search vendor "Redhat" for product "Conga" | * | - |
Affected
|
| Plone Search vendor "Plone" | Plone Search vendor "Plone" for product "Plone" | 2.5 Search vendor "Plone" for product "Plone" and version "2.5" | - |
Affected
| in | Redhat Search vendor "Redhat" | Luci Search vendor "Redhat" for product "Luci" | * | - |
Affected
|
| Plone Search vendor "Plone" | Plone Search vendor "Plone" for product "Plone" | 2.5.1 Search vendor "Plone" for product "Plone" and version "2.5.1" | - |
Affected
| in | Redhat Search vendor "Redhat" | Conga Search vendor "Redhat" for product "Conga" | * | - |
Affected
|
| Plone Search vendor "Plone" | Plone Search vendor "Plone" for product "Plone" | 2.5.1 Search vendor "Plone" for product "Plone" and version "2.5.1" | - |
Affected
| in | Redhat Search vendor "Redhat" | Luci Search vendor "Redhat" for product "Luci" | * | - |
Affected
|
| Plone Search vendor "Plone" | Plone Search vendor "Plone" for product "Plone" | 2.5.2 Search vendor "Plone" for product "Plone" and version "2.5.2" | - |
Affected
| in | Redhat Search vendor "Redhat" | Conga Search vendor "Redhat" for product "Conga" | * | - |
Affected
|
| Plone Search vendor "Plone" | Plone Search vendor "Plone" for product "Plone" | 2.5.2 Search vendor "Plone" for product "Plone" and version "2.5.2" | - |
Affected
| in | Redhat Search vendor "Redhat" | Luci Search vendor "Redhat" for product "Luci" | * | - |
Affected
|
| Plone Search vendor "Plone" | Plone Search vendor "Plone" for product "Plone" | 2.5.3 Search vendor "Plone" for product "Plone" and version "2.5.3" | - |
Affected
| in | Redhat Search vendor "Redhat" | Conga Search vendor "Redhat" for product "Conga" | * | - |
Affected
|
| Plone Search vendor "Plone" | Plone Search vendor "Plone" for product "Plone" | 2.5.3 Search vendor "Plone" for product "Plone" and version "2.5.3" | - |
Affected
| in | Redhat Search vendor "Redhat" | Luci Search vendor "Redhat" for product "Luci" | * | - |
Affected
|
| Plone Search vendor "Plone" | Plone Search vendor "Plone" for product "Plone" | 2.5.4 Search vendor "Plone" for product "Plone" and version "2.5.4" | - |
Affected
| in | Redhat Search vendor "Redhat" | Conga Search vendor "Redhat" for product "Conga" | * | - |
Affected
|
| Plone Search vendor "Plone" | Plone Search vendor "Plone" for product "Plone" | 2.5.4 Search vendor "Plone" for product "Plone" and version "2.5.4" | - |
Affected
| in | Redhat Search vendor "Redhat" | Luci Search vendor "Redhat" for product "Luci" | * | - |
Affected
|
| Plone Search vendor "Plone" | Plone Search vendor "Plone" for product "Plone" | 2.5.5 Search vendor "Plone" for product "Plone" and version "2.5.5" | - |
Affected
| in | Redhat Search vendor "Redhat" | Conga Search vendor "Redhat" for product "Conga" | * | - |
Affected
|
| Plone Search vendor "Plone" | Plone Search vendor "Plone" for product "Plone" | 2.5.5 Search vendor "Plone" for product "Plone" and version "2.5.5" | - |
Affected
| in | Redhat Search vendor "Redhat" | Luci Search vendor "Redhat" for product "Luci" | * | - |
Affected
|
| Plone Search vendor "Plone" | Plone Search vendor "Plone" for product "Plone" | 3.0 Search vendor "Plone" for product "Plone" and version "3.0" | - |
Affected
| in | Redhat Search vendor "Redhat" | Conga Search vendor "Redhat" for product "Conga" | * | - |
Affected
|
| Plone Search vendor "Plone" | Plone Search vendor "Plone" for product "Plone" | 3.0 Search vendor "Plone" for product "Plone" and version "3.0" | - |
Affected
| in | Redhat Search vendor "Redhat" | Luci Search vendor "Redhat" for product "Luci" | * | - |
Affected
|
| Plone Search vendor "Plone" | Plone Search vendor "Plone" for product "Plone" | 3.0.1 Search vendor "Plone" for product "Plone" and version "3.0.1" | - |
Affected
| in | Redhat Search vendor "Redhat" | Conga Search vendor "Redhat" for product "Conga" | * | - |
Affected
|
| Plone Search vendor "Plone" | Plone Search vendor "Plone" for product "Plone" | 3.0.1 Search vendor "Plone" for product "Plone" and version "3.0.1" | - |
Affected
| in | Redhat Search vendor "Redhat" | Luci Search vendor "Redhat" for product "Luci" | * | - |
Affected
|
| Plone Search vendor "Plone" | Plone Search vendor "Plone" for product "Plone" | 3.0.2 Search vendor "Plone" for product "Plone" and version "3.0.2" | - |
Affected
| in | Redhat Search vendor "Redhat" | Conga Search vendor "Redhat" for product "Conga" | * | - |
Affected
|
| Plone Search vendor "Plone" | Plone Search vendor "Plone" for product "Plone" | 3.0.2 Search vendor "Plone" for product "Plone" and version "3.0.2" | - |
Affected
| in | Redhat Search vendor "Redhat" | Luci Search vendor "Redhat" for product "Luci" | * | - |
Affected
|
| Plone Search vendor "Plone" | Plone Search vendor "Plone" for product "Plone" | 3.0.3 Search vendor "Plone" for product "Plone" and version "3.0.3" | - |
Affected
| in | Redhat Search vendor "Redhat" | Conga Search vendor "Redhat" for product "Conga" | * | - |
Affected
|
| Plone Search vendor "Plone" | Plone Search vendor "Plone" for product "Plone" | 3.0.3 Search vendor "Plone" for product "Plone" and version "3.0.3" | - |
Affected
| in | Redhat Search vendor "Redhat" | Luci Search vendor "Redhat" for product "Luci" | * | - |
Affected
|
| Plone Search vendor "Plone" | Plone Search vendor "Plone" for product "Plone" | 3.0.4 Search vendor "Plone" for product "Plone" and version "3.0.4" | - |
Affected
| in | Redhat Search vendor "Redhat" | Conga Search vendor "Redhat" for product "Conga" | * | - |
Affected
|
| Plone Search vendor "Plone" | Plone Search vendor "Plone" for product "Plone" | 3.0.4 Search vendor "Plone" for product "Plone" and version "3.0.4" | - |
Affected
| in | Redhat Search vendor "Redhat" | Luci Search vendor "Redhat" for product "Luci" | * | - |
Affected
|
| Plone Search vendor "Plone" | Plone Search vendor "Plone" for product "Plone" | 3.0.5 Search vendor "Plone" for product "Plone" and version "3.0.5" | - |
Affected
| in | Redhat Search vendor "Redhat" | Conga Search vendor "Redhat" for product "Conga" | * | - |
Affected
|
| Plone Search vendor "Plone" | Plone Search vendor "Plone" for product "Plone" | 3.0.5 Search vendor "Plone" for product "Plone" and version "3.0.5" | - |
Affected
| in | Redhat Search vendor "Redhat" | Luci Search vendor "Redhat" for product "Luci" | * | - |
Affected
|
| Plone Search vendor "Plone" | Plone Search vendor "Plone" for product "Plone" | 3.0.6 Search vendor "Plone" for product "Plone" and version "3.0.6" | - |
Affected
| in | Redhat Search vendor "Redhat" | Conga Search vendor "Redhat" for product "Conga" | * | - |
Affected
|
| Plone Search vendor "Plone" | Plone Search vendor "Plone" for product "Plone" | 3.0.6 Search vendor "Plone" for product "Plone" and version "3.0.6" | - |
Affected
| in | Redhat Search vendor "Redhat" | Luci Search vendor "Redhat" for product "Luci" | * | - |
Affected
|
| Plone Search vendor "Plone" | Plone Search vendor "Plone" for product "Plone" | 3.1 Search vendor "Plone" for product "Plone" and version "3.1" | - |
Affected
| in | Redhat Search vendor "Redhat" | Conga Search vendor "Redhat" for product "Conga" | * | - |
Affected
|
| Plone Search vendor "Plone" | Plone Search vendor "Plone" for product "Plone" | 3.1 Search vendor "Plone" for product "Plone" and version "3.1" | - |
Affected
| in | Redhat Search vendor "Redhat" | Luci Search vendor "Redhat" for product "Luci" | * | - |
Affected
|
| Plone Search vendor "Plone" | Plone Search vendor "Plone" for product "Plone" | 3.1.1 Search vendor "Plone" for product "Plone" and version "3.1.1" | - |
Affected
| in | Redhat Search vendor "Redhat" | Conga Search vendor "Redhat" for product "Conga" | * | - |
Affected
|
| Plone Search vendor "Plone" | Plone Search vendor "Plone" for product "Plone" | 3.1.1 Search vendor "Plone" for product "Plone" and version "3.1.1" | - |
Affected
| in | Redhat Search vendor "Redhat" | Luci Search vendor "Redhat" for product "Luci" | * | - |
Affected
|
| Plone Search vendor "Plone" | Plone Search vendor "Plone" for product "Plone" | 3.1.2 Search vendor "Plone" for product "Plone" and version "3.1.2" | - |
Affected
| in | Redhat Search vendor "Redhat" | Conga Search vendor "Redhat" for product "Conga" | * | - |
Affected
|
| Plone Search vendor "Plone" | Plone Search vendor "Plone" for product "Plone" | 3.1.2 Search vendor "Plone" for product "Plone" and version "3.1.2" | - |
Affected
| in | Redhat Search vendor "Redhat" | Luci Search vendor "Redhat" for product "Luci" | * | - |
Affected
|
| Plone Search vendor "Plone" | Plone Search vendor "Plone" for product "Plone" | 3.1.3 Search vendor "Plone" for product "Plone" and version "3.1.3" | - |
Affected
| in | Redhat Search vendor "Redhat" | Conga Search vendor "Redhat" for product "Conga" | * | - |
Affected
|
| Plone Search vendor "Plone" | Plone Search vendor "Plone" for product "Plone" | 3.1.3 Search vendor "Plone" for product "Plone" and version "3.1.3" | - |
Affected
| in | Redhat Search vendor "Redhat" | Luci Search vendor "Redhat" for product "Luci" | * | - |
Affected
|
| Plone Search vendor "Plone" | Plone Search vendor "Plone" for product "Plone" | 3.1.4 Search vendor "Plone" for product "Plone" and version "3.1.4" | - |
Affected
| in | Redhat Search vendor "Redhat" | Conga Search vendor "Redhat" for product "Conga" | * | - |
Affected
|
| Plone Search vendor "Plone" | Plone Search vendor "Plone" for product "Plone" | 3.1.4 Search vendor "Plone" for product "Plone" and version "3.1.4" | - |
Affected
| in | Redhat Search vendor "Redhat" | Luci Search vendor "Redhat" for product "Luci" | * | - |
Affected
|
| Plone Search vendor "Plone" | Plone Search vendor "Plone" for product "Plone" | 3.1.5.1 Search vendor "Plone" for product "Plone" and version "3.1.5.1" | - |
Affected
| in | Redhat Search vendor "Redhat" | Conga Search vendor "Redhat" for product "Conga" | * | - |
Affected
|
| Plone Search vendor "Plone" | Plone Search vendor "Plone" for product "Plone" | 3.1.5.1 Search vendor "Plone" for product "Plone" and version "3.1.5.1" | - |
Affected
| in | Redhat Search vendor "Redhat" | Luci Search vendor "Redhat" for product "Luci" | * | - |
Affected
|
| Plone Search vendor "Plone" | Plone Search vendor "Plone" for product "Plone" | 3.1.6 Search vendor "Plone" for product "Plone" and version "3.1.6" | - |
Affected
| in | Redhat Search vendor "Redhat" | Conga Search vendor "Redhat" for product "Conga" | * | - |
Affected
|
| Plone Search vendor "Plone" | Plone Search vendor "Plone" for product "Plone" | 3.1.6 Search vendor "Plone" for product "Plone" and version "3.1.6" | - |
Affected
| in | Redhat Search vendor "Redhat" | Luci Search vendor "Redhat" for product "Luci" | * | - |
Affected
|
| Plone Search vendor "Plone" | Plone Search vendor "Plone" for product "Plone" | 3.1.7 Search vendor "Plone" for product "Plone" and version "3.1.7" | - |
Affected
| in | Redhat Search vendor "Redhat" | Conga Search vendor "Redhat" for product "Conga" | * | - |
Affected
|
| Plone Search vendor "Plone" | Plone Search vendor "Plone" for product "Plone" | 3.1.7 Search vendor "Plone" for product "Plone" and version "3.1.7" | - |
Affected
| in | Redhat Search vendor "Redhat" | Luci Search vendor "Redhat" for product "Luci" | * | - |
Affected
|
| Plone Search vendor "Plone" | Plone Search vendor "Plone" for product "Plone" | 3.2 Search vendor "Plone" for product "Plone" and version "3.2" | - |
Affected
| in | Redhat Search vendor "Redhat" | Conga Search vendor "Redhat" for product "Conga" | * | - |
Affected
|
| Plone Search vendor "Plone" | Plone Search vendor "Plone" for product "Plone" | 3.2 Search vendor "Plone" for product "Plone" and version "3.2" | - |
Affected
| in | Redhat Search vendor "Redhat" | Luci Search vendor "Redhat" for product "Luci" | * | - |
Affected
|
| Plone Search vendor "Plone" | Plone Search vendor "Plone" for product "Plone" | 3.2.1 Search vendor "Plone" for product "Plone" and version "3.2.1" | - |
Affected
| in | Redhat Search vendor "Redhat" | Conga Search vendor "Redhat" for product "Conga" | * | - |
Affected
|
| Plone Search vendor "Plone" | Plone Search vendor "Plone" for product "Plone" | 3.2.1 Search vendor "Plone" for product "Plone" and version "3.2.1" | - |
Affected
| in | Redhat Search vendor "Redhat" | Luci Search vendor "Redhat" for product "Luci" | * | - |
Affected
|
| Plone Search vendor "Plone" | Plone Search vendor "Plone" for product "Plone" | 3.2.2 Search vendor "Plone" for product "Plone" and version "3.2.2" | - |
Affected
| in | Redhat Search vendor "Redhat" | Conga Search vendor "Redhat" for product "Conga" | * | - |
Affected
|
| Plone Search vendor "Plone" | Plone Search vendor "Plone" for product "Plone" | 3.2.2 Search vendor "Plone" for product "Plone" and version "3.2.2" | - |
Affected
| in | Redhat Search vendor "Redhat" | Luci Search vendor "Redhat" for product "Luci" | * | - |
Affected
|
| Plone Search vendor "Plone" | Plone Search vendor "Plone" for product "Plone" | 3.2.3 Search vendor "Plone" for product "Plone" and version "3.2.3" | - |
Affected
| in | Redhat Search vendor "Redhat" | Conga Search vendor "Redhat" for product "Conga" | * | - |
Affected
|
| Plone Search vendor "Plone" | Plone Search vendor "Plone" for product "Plone" | 3.2.3 Search vendor "Plone" for product "Plone" and version "3.2.3" | - |
Affected
| in | Redhat Search vendor "Redhat" | Luci Search vendor "Redhat" for product "Luci" | * | - |
Affected
|
| Plone Search vendor "Plone" | Plone Search vendor "Plone" for product "Plone" | 3.3 Search vendor "Plone" for product "Plone" and version "3.3" | - |
Affected
| in | Redhat Search vendor "Redhat" | Conga Search vendor "Redhat" for product "Conga" | * | - |
Affected
|
| Plone Search vendor "Plone" | Plone Search vendor "Plone" for product "Plone" | 3.3 Search vendor "Plone" for product "Plone" and version "3.3" | - |
Affected
| in | Redhat Search vendor "Redhat" | Luci Search vendor "Redhat" for product "Luci" | * | - |
Affected
|
| Plone Search vendor "Plone" | Plone Search vendor "Plone" for product "Plone" | 3.3.1 Search vendor "Plone" for product "Plone" and version "3.3.1" | - |
Affected
| in | Redhat Search vendor "Redhat" | Conga Search vendor "Redhat" for product "Conga" | * | - |
Affected
|
| Plone Search vendor "Plone" | Plone Search vendor "Plone" for product "Plone" | 3.3.1 Search vendor "Plone" for product "Plone" and version "3.3.1" | - |
Affected
| in | Redhat Search vendor "Redhat" | Luci Search vendor "Redhat" for product "Luci" | * | - |
Affected
|
| Plone Search vendor "Plone" | Plone Search vendor "Plone" for product "Plone" | 3.3.2 Search vendor "Plone" for product "Plone" and version "3.3.2" | - |
Affected
| in | Redhat Search vendor "Redhat" | Conga Search vendor "Redhat" for product "Conga" | * | - |
Affected
|
| Plone Search vendor "Plone" | Plone Search vendor "Plone" for product "Plone" | 3.3.2 Search vendor "Plone" for product "Plone" and version "3.3.2" | - |
Affected
| in | Redhat Search vendor "Redhat" | Luci Search vendor "Redhat" for product "Luci" | * | - |
Affected
|
| Plone Search vendor "Plone" | Plone Search vendor "Plone" for product "Plone" | 3.3.3 Search vendor "Plone" for product "Plone" and version "3.3.3" | - |
Affected
| in | Redhat Search vendor "Redhat" | Conga Search vendor "Redhat" for product "Conga" | * | - |
Affected
|
| Plone Search vendor "Plone" | Plone Search vendor "Plone" for product "Plone" | 3.3.3 Search vendor "Plone" for product "Plone" and version "3.3.3" | - |
Affected
| in | Redhat Search vendor "Redhat" | Luci Search vendor "Redhat" for product "Luci" | * | - |
Affected
|
| Plone Search vendor "Plone" | Plone Search vendor "Plone" for product "Plone" | 3.3.4 Search vendor "Plone" for product "Plone" and version "3.3.4" | - |
Affected
| in | Redhat Search vendor "Redhat" | Conga Search vendor "Redhat" for product "Conga" | * | - |
Affected
|
| Plone Search vendor "Plone" | Plone Search vendor "Plone" for product "Plone" | 3.3.4 Search vendor "Plone" for product "Plone" and version "3.3.4" | - |
Affected
| in | Redhat Search vendor "Redhat" | Luci Search vendor "Redhat" for product "Luci" | * | - |
Affected
|
| Plone Search vendor "Plone" | Plone Search vendor "Plone" for product "Plone" | 3.3.5 Search vendor "Plone" for product "Plone" and version "3.3.5" | - |
Affected
| in | Redhat Search vendor "Redhat" | Conga Search vendor "Redhat" for product "Conga" | * | - |
Affected
|
| Plone Search vendor "Plone" | Plone Search vendor "Plone" for product "Plone" | 3.3.5 Search vendor "Plone" for product "Plone" and version "3.3.5" | - |
Affected
| in | Redhat Search vendor "Redhat" | Luci Search vendor "Redhat" for product "Luci" | * | - |
Affected
|
| Plone Search vendor "Plone" | Plone Search vendor "Plone" for product "Plone" | 4.0 Search vendor "Plone" for product "Plone" and version "4.0" | - |
Affected
| in | Redhat Search vendor "Redhat" | Conga Search vendor "Redhat" for product "Conga" | * | - |
Affected
|
| Plone Search vendor "Plone" | Plone Search vendor "Plone" for product "Plone" | 4.0 Search vendor "Plone" for product "Plone" and version "4.0" | - |
Affected
| in | Redhat Search vendor "Redhat" | Luci Search vendor "Redhat" for product "Luci" | * | - |
Affected
|