CVE-2011-1950
Published 2011-06-06
CVE-2011-1950: plone.app.users in Plone 4.0 and 4.1 allows remote authenticated users to modify the properties of arbitrary accounts via unspecified vectors, as exploited in…
Priority: P272 · medium · 5.5 (CVSS 2.0)
AV:N/AC:L/Au:S/C:N/I:P/A:P
ITW · VulnCheck KEV
Exploited in the wild
EPSS: 1.58% (72.4th percentile)
plone.app.users in Plone 4.0 and 4.1 allows remote authenticated users to modify the properties of arbitrary accounts via unspecified vectors, as exploited in the wild in June 2011.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| plone | plone | — | — |
| plone | plone | — | — |
| plone | plone | >= 0 < 4.1.1 | 4.1.1 |
| plone | plone | >= 4.0.1 < 4.0.6 | 4.0.6 |
| plone | plone | >= 4.1.0 < 4.1.1 | 4.1.1 |
Detection & IOCs (extracted from sources)
- Vulnerability is specific to plone.app.users component in Plone versions 4.0 and 4.1 only; other versions are not affected
- This vulnerability was actively exploited in the wild; detections should prioritize Plone 4.0/4.1 deployments with authenticated user activity targeting account property modification
- Red Hat Enterprise Linux 5 and Red Hat Cluster Suite EL4 (via conga package) are NOT affected by this CVE
- EPEL-5 repository version of the plone package is also NOT affected
CVSS provenance
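| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 5.5 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:P/A:P |
| vulncheck | — | 5.5 | MEDIUM | — |
| vendor_redhat | — | 5.5 | MEDIUM | — |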
GHSA
Plone and plone.app.users allow remote authenticated users to modify the properties of arbitrary accounts
ghsa·2018-07-23
CVE-2011-1950 [HIGH] Plone and plone.app.users allow remote authenticated users to modify the properties of arbitrary accounts
plone.app.users in Plone 4.0 and 4.1 allows remote authenticated users to modify the properties of arbitrary accounts via unspecified vectors, as exploited in the wild in June 2011.
OSV
Plone and plone.app.users allow remote authenticated users to modify the properties of arbitrary accounts
osv·2018-07-23
CVE-2011-1950 [HIGH] Plone and plone.app.users allow remote authenticated users to modify the properties of arbitrary accounts
plone.app.users in Plone 4.0 and 4.1 allows remote authenticated users to modify the properties of arbitrary accounts via unspecified vectors, as exploited in the wild in June 2011.
OSV
CVE-2011-1950: plone
osv·2011-06-06
plone.app.users in Plone 4.0 and 4.1 allows remote authenticated users to modify the properties of arbitrary accounts via unspecified vectors, as exploited in the wild in June 2011.
VulnCheck
plone.app.users in Plone 4.0 and 4.1 Remote Authenticated Account Manipulation
vulncheck·2011·CVSS 5.5
CVE-2011-1950 [MEDIUM] plone.app.users in Plone 4.0 and 4.1 Remote Authenticated Account Manipulation
plone.app.users in Plone 4.0 and 4.1 allows remote authenticated users to modify the properties of arbitrary accounts via unspecified vectors, as exploited in the wild in June 2011.
Affected: plone plone
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://nvd.nist.gov/vuln/detail/CVE-2011-1950; https://www.cve.org/CVERecord?id=CVE-2011-1950
Red Hat
plone: Privilege escalation via plone.app.users (Plone v4.0 and v4.1 specific)
vendor_redhat·2011-05-31·CVSS 5.5
CVE-2011-1950 [MEDIUM] plone: Privilege escalation via plone.app.users (Plone v4.0 and v4.1 specific)
plone.app.users in Plone 4.0 and 4.1 allows remote authenticated users to modify the properties of arbitrary accounts via unspecified vectors, as exploited in the wild in June 2011.
Statement: Not Vulnerable. This issue does not affect the version of conga as shipped with Red Hat Enterprise Linux 5 and Red Hat Cluster Suite EL4
No detection rules found.
No public exploits indexed.
References
- http://osvdb.org/72729
- http://plone.org/products/plone/security/advisories/CVE-2011-1950
- http://secunia.com/advisories/44775
- http://securityreason.com/securityalert/8269
- http://www.securityfocus.com/archive/1/518155/100/0/threaded
- http://www.securityfocus.com/bid/48005
- https://exchange.xforce.ibmcloud.com/vulnerabilities/67695