CVE-2011-1950
published 2011-06-06

Priority: P2 72 · medium · 5.5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:S/C:N/I:P/A:P
ITW: VulnCheck KEV (exploited in the wild)
EPSS: 1.58% (72.4th percentile)

plone.app.users in Plone 4.0 and 4.1 allows remote authenticated users to modify the properties of arbitrary accounts via unspecified vectors, as exploited in the wild in June 2011.

Affected

5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| plone | plone | | |
| plone | plone | | |
| plone | plone | >= 0 < 4.1.1 | 4.1.1 |
| plone | plone | >= 4.0.1 < 4.0.6 | 4.0.6 |
| plone | plone | >= 4.1.0 < 4.1.1 | 4.1.1 |

Detection & IOCs (extracted from sources)

  • Vulnerability is specific to plone.app.users component in Plone versions 4.0 and 4.1 only; other versions are not affected
  • This vulnerability was actively exploited in the wild; detections should prioritize Plone 4.0/4.1 deployments with authenticated user activity targeting account property modification
  • Red Hat Enterprise Linux 5 and Red Hat Cluster Suite EL4 (via conga package) are NOT affected by this CVE
  • EPEL-5 repository version of the plone package is also NOT affected

CVSS provenance

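| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 5.5 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:P/A:P |
| vulncheck | | 5.5 | MEDIUM | |
| vendor_redhat | | 5.5 | MEDIUM | |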