Vulnerability CVE-2011-0720

Vulnerability Name:

CVE-2011-0720 (CCN-65099)

Assigned:

2011-02-03

Published:

2011-02-03

Updated:

2017-08-17

Summary:

Unspecified vulnerability in Plone 2.5 through 4.0, as used in Conga, luci, and possibly other products, allows remote attackers to obtain administrative access, read or create arbitrary content, and change the site skin via unknown vectors.

CVSS v3 Severity:

6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
6.4 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:U/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

5.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N)
4.9 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N/E:U/RL:U/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): None

7.5 High (REDHAT CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
6.4 Medium (REDHAT Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:U/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-noinfo
CWE-284

Vulnerability Consequences:

Gain Privileges

References:

Source: MITRE
Type: CNA
CVE-2011-0720

Source: OSVDB
Type: UNKNOWN
70753

Source: CCN
Type: Plone Security vulnerability announcement
CVE-2011-0720 - Privilege escalation

Source: CONFIRM
Type: Vendor Advisory
http://plone.org/products/plone/security/advisories/cve-2011-0720

Source: CCN
Type: RHSA-2011-0393
Important: conga security update

Source: CCN
Type: RHSA-2011-0394
Important: conga security update

Source: CCN
Type: SA43146
Plone Unspecified Security Bypass Vulnerability

Source: SECUNIA
Type: Vendor Advisory
43146

Source: SECUNIA
Type: Vendor Advisory
43914

Source: CCN
Type: OSVDB ID: 70753
Plone Unspecified Remote Privilege Escalation

Source: CCN
Type: OSVDB ID: 73726
Zope Unspecified Access Restriction Bypass

Source: REDHAT
Type: UNKNOWN
RHSA-2011:0393

Source: REDHAT
Type: UNKNOWN
RHSA-2011:0394

Source: BID
Type: UNKNOWN
46102

Source: CCN
Type: BID-46102
Plone CVE-2011-0720 Remote Security Bypass Vulnerability

Source: SECTRACK
Type: UNKNOWN
1025258

Source: VUPEN
Type: Vendor Advisory
ADV-2011-0796

Source: XF
Type: UNKNOWN
plone-unspec-priv-escalation(65099)

Source: XF
Type: UNKNOWN
plone-unspec-priv-escalation(65099)

Vulnerable Configuration:

Configuration 1:

cpe:/a:plone:plone:2.5:*:*:*:*:*:*:*

OR cpe:/a:plone:plone:2.5.1:*:*:*:*:*:*:*

OR cpe:/a:plone:plone:2.5.2:*:*:*:*:*:*:*

OR cpe:/a:plone:plone:2.5.3:*:*:*:*:*:*:*

OR cpe:/a:plone:plone:2.5.4:*:*:*:*:*:*:*

OR cpe:/a:plone:plone:2.5.5:*:*:*:*:*:*:*

OR cpe:/a:plone:plone:3.0:*:*:*:*:*:*:*

OR cpe:/a:plone:plone:3.0.1:*:*:*:*:*:*:*

OR cpe:/a:plone:plone:3.0.2:*:*:*:*:*:*:*

OR cpe:/a:plone:plone:3.0.3:*:*:*:*:*:*:*

OR cpe:/a:plone:plone:3.0.4:*:*:*:*:*:*:*

OR cpe:/a:plone:plone:3.0.5:*:*:*:*:*:*:*

OR cpe:/a:plone:plone:3.0.6:*:*:*:*:*:*:*

OR cpe:/a:plone:plone:3.1:*:*:*:*:*:*:*

OR cpe:/a:plone:plone:3.1.1:*:*:*:*:*:*:*

OR cpe:/a:plone:plone:3.1.2:*:*:*:*:*:*:*

OR cpe:/a:plone:plone:3.1.3:*:*:*:*:*:*:*

OR cpe:/a:plone:plone:3.1.4:*:*:*:*:*:*:*

OR cpe:/a:plone:plone:3.1.5.1:*:*:*:*:*:*:*

OR cpe:/a:plone:plone:3.1.6:*:*:*:*:*:*:*

OR cpe:/a:plone:plone:3.1.7:*:*:*:*:*:*:*

OR cpe:/a:plone:plone:3.2:*:*:*:*:*:*:*

OR cpe:/a:plone:plone:3.2.1:*:*:*:*:*:*:*

OR cpe:/a:plone:plone:3.2.2:*:*:*:*:*:*:*

OR cpe:/a:plone:plone:3.2.3:*:*:*:*:*:*:*

OR cpe:/a:plone:plone:3.3:*:*:*:*:*:*:*

OR cpe:/a:plone:plone:3.3.1:*:*:*:*:*:*:*

OR cpe:/a:plone:plone:3.3.2:*:*:*:*:*:*:*

OR cpe:/a:plone:plone:3.3.3:*:*:*:*:*:*:*

OR cpe:/a:plone:plone:3.3.4:*:*:*:*:*:*:*

OR cpe:/a:plone:plone:3.3.5:*:*:*:*:*:*:*

OR cpe:/a:plone:plone:4.0:*:*:*:*:*:*:*

AND

cpe:/a:redhat:conga:*:*:*:*:*:*:*:*

OR cpe:/a:redhat:luci:*:*:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/a:redhat:rhel_cluster:5:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:plone:plone:2.5_beta1:*:*:*:*:*:*:*

OR cpe:/a:plone:plone:2.5.1:*:*:*:*:*:*:*

OR cpe:/a:plone:plone:2.5:*:*:*:*:*:*:*

OR cpe:/a:plone:plone:2.5.1_rc:*:*:*:*:*:*:*

OR cpe:/a:plone:plone:2.5.2:*:*:*:*:*:*:*

OR cpe:/a:plone:plone:2.5.3:*:*:*:*:*:*:*

OR cpe:/a:plone:plone:2.5.4:*:*:*:*:*:*:*

OR cpe:/a:plone:plone:3.0:*:*:*:*:*:*:*

OR cpe:/a:plone:plone:3.0.1:*:*:*:*:*:*:*

OR cpe:/a:plone:plone:3.0.2:*:*:*:*:*:*:*

OR cpe:/a:plone:plone:3.0.3:*:*:*:*:*:*:*

OR cpe:/a:plone:plone:3.0.5:*:*:*:*:*:*:*

OR cpe:/a:plone:plone:3.0.4:*:*:*:*:*:*:*

OR cpe:/a:plone:plone:3.2:*:*:*:*:*:*:*

OR cpe:/a:plone:plone:3.1:*:*:*:*:*:*:*

OR cpe:/a:plone:plone:3.3.3:*:*:*:*:*:*:*

OR cpe:/a:plone:plone:4.0:*:*:*:*:*:*:*

AND

cpe:/a:redhat:rhel_cluster:4:*:*:*:*:*:*:*

OR cpe:/a:redhat:rhel_cluster:5:*:*:*:*:*:*:*

OR cpe:/a:plone:plone:2.0.3:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.mitre.oval:def:23191	P	ELSA-2011:0394: conga security update (Important)	2014-05-26
oval:org.mitre.oval:def:21642	P	RHSA-2011:0394: conga security update (Important)	2014-02-24
oval:com.redhat.rhsa:def:20110394	P	RHSA-2011:0394: conga security update (Important)	2011-03-28

BACK