Vulnerability Description
plone.app.users in Plone 4.0 and 4.1 allows remote authenticated users to modify the properties of arbitrary accounts via unspecified vectors, as exploited in the wild in June 2011.
CVSS Score
5.5
MEDIUM
AV:N/AC:L/Au:S/C:N/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Plone | Plone | 4.0 |
Related Weaknesses (CWE)
References
- http://osvdb.org/72729
- http://plone.org/products/plone/security/advisories/CVE-2011-1950PatchVendor Advisory
- http://secunia.com/advisories/44775Vendor Advisory
- http://securityreason.com/securityalert/8269
- http://www.securityfocus.com/archive/1/518155/100/0/threaded
- http://www.securityfocus.com/bid/48005
- https://exchange.xforce.ibmcloud.com/vulnerabilities/67695
- http://osvdb.org/72729
- http://plone.org/products/plone/security/advisories/CVE-2011-1950PatchVendor Advisory
- http://secunia.com/advisories/44775Vendor Advisory
- http://securityreason.com/securityalert/8269
- http://www.securityfocus.com/archive/1/518155/100/0/threaded
- http://www.securityfocus.com/bid/48005
- https://exchange.xforce.ibmcloud.com/vulnerabilities/67695
FAQ
What is CVE-2011-1950?
CVE-2011-1950 is a vulnerability with a CVSS score of 5.5 (MEDIUM). plone.app.users in Plone 4.0 and 4.1 allows remote authenticated users to modify the properties of arbitrary accounts via unspecified vectors, as exploited in the wild in June 2011.
How severe is CVE-2011-1950?
CVE-2011-1950 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-1950?
Check the references section above for vendor advisories and patch information. Affected products include: Plone Plone.