Vulnerability Description
Unspecified vulnerability in (1) Zope 2.12.x before 2.12.19 and 2.13.x before 2.13.8, as used in Plone 4.x and other products, and (2) PloneHotfix20110720 for Plone 3.x allows attackers to gain privileges via unspecified vectors, related to a "highly serious vulnerability." NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-0720.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Plone | Plone Hotfix 20110720 | All versions |
| Plone | Plone | 3.0 |
| Zope | Zope | 2.12.0 |
References
- http://plone.org/products/plone-hotfix/releases/20110622PatchVendor Advisory
- http://plone.org/products/plone/security/advisories/20110622PatchVendor Advisory
- http://secunia.com/advisories/45056Vendor Advisory
- http://secunia.com/advisories/45111Vendor Advisory
- http://www.openwall.com/lists/oss-security/2011/07/04/6Patch
- http://www.openwall.com/lists/oss-security/2011/07/12/9Patch
- https://bugzilla.redhat.com/show_bug.cgi?id=718824Patch
- https://mail.zope.org/pipermail/zope-announce/2011-June/002260.htmlPatch
- http://plone.org/products/plone-hotfix/releases/20110622PatchVendor Advisory
- http://plone.org/products/plone/security/advisories/20110622PatchVendor Advisory
- http://secunia.com/advisories/45056Vendor Advisory
- http://secunia.com/advisories/45111Vendor Advisory
- http://www.openwall.com/lists/oss-security/2011/07/04/6Patch
- http://www.openwall.com/lists/oss-security/2011/07/12/9Patch
- https://bugzilla.redhat.com/show_bug.cgi?id=718824Patch
FAQ
What is CVE-2011-2528?
CVE-2011-2528 is a vulnerability with a CVSS score of 7.5 (HIGH). Unspecified vulnerability in (1) Zope 2.12.x before 2.12.19 and 2.13.x before 2.13.8, as used in Plone 4.x and other products, and (2) PloneHotfix20110720 for Plone 3.x allows attackers to gain privil...
How severe is CVE-2011-2528?
CVE-2011-2528 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-2528?
Check the references section above for vendor advisories and patch information. Affected products include: Plone Plone Hotfix 20110720, Plone Plone, Zope Zope.