Home > Vulnerability Database > CVE-2011-1950

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2011-1950

Date: June 6, 2011

plone.app.users in Plone 4.0 and 4.1 allows remote authenticated users to modify the properties of arbitrary accounts via unspecified vectors, as exploited in the wild in June 2011.

Language: Python

Severity Score

6.5

Related Resources (11)

Url: https://nvd.nist.gov/vuln/detail/CVE-2011-1950

Url: http://www.securityfocus.com/bid/48005

Url: http://osvdb.org/72729

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/67695

Url: http://www.securityfocus.com/archive/1/518155/100/0/threaded

Url: https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2011-16.yaml

Url: http://plone.org/products/plone/security/advisories/CVE-2011-1950

Url: http://securityreason.com/securityalert/8269

Url: https://github.com/advisories/GHSA-2qx8-589j-gcpx

Url: http://secunia.com/advisories/44775

Url: https://www.mend.io/vulnerability-database/CVE-2011-1950

Severity Score

6.5

Weakness Type (CWE)

Permissions, Privileges, and Access Control

CWE-264

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	HIGH
Availability (A):	NONE

CVSS v2

Base Score:	5.5
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	SINGLE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Do you need more information?

Contact Us