CVE-2011-0720
First published: Thu Feb 03 2011(Updated: )
Common Vulnerabilities and Exposures assigned an identifier <a href="https://access.redhat.com/security/cve/CVE-2011-0720">CVE-2011-0720</a> to the following vulnerability: Name: <a href="https://access.redhat.com/security/cve/CVE-2011-0720">CVE-2011-0720</a> URL: <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0720">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0720</a> Assigned: 20110131 Reference: <a href="http://plone.org/products/plone/security/advisories/cve-2011-0720">http://plone.org/products/plone/security/advisories/cve-2011-0720</a> Reference: <a href="http://www.securityfocus.com/bid/46102">http://www.securityfocus.com/bid/46102</a> Reference: <a href="http://secunia.com/advisories/43146">http://secunia.com/advisories/43146</a> Reference: <a href="http://xforce.iss.net/xforce/xfdb/65099">http://xforce.iss.net/xforce/xfdb/65099</a> Unspecified vulnerability in Plone 2.5 through 4.0 allows remote attackers to obtain administrative access, read or create arbitrary content, and change the site skin via unknown vectors. The hotfix for this issue is available here: <a href="http://plone.org/products/plone-hotfix/releases/CVE-2011-0720/">http://plone.org/products/plone-hotfix/releases/CVE-2011-0720/</a> Some Plone components are included in conga, so this flaw may have some impact there.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/conga | <0:0.11.2-4.el4.2 | 0:0.11.2-4.el4.2 |
| redhat/conga | <0:0.12.2-24.el5_6.1 | 0:0.12.2-24.el5_6.1 |
| pip/Plone | >=2.5<4.0.4 | 4.0.4 |
| Plone CMS | =2.5 | |
| Plone CMS | =2.5.1 | |
| Plone CMS | =2.5.2 | |
| Plone CMS | =2.5.3 | |
| Plone CMS | =2.5.4 | |
| Plone CMS | =2.5.5 | |
| Plone CMS | =3.0 | |
| Plone CMS | =3.0.1 | |
| Plone CMS | =3.0.2 | |
| Plone CMS | =3.0.3 | |
| Plone CMS | =3.0.4 | |
| Plone CMS | =3.0.5 | |
| Plone CMS | =3.0.6 | |
| Plone CMS | =3.1 | |
| Plone CMS | =3.1.1 | |
| Plone CMS | =3.1.2 | |
| Plone CMS | =3.1.3 | |
| Plone CMS | =3.1.4 | |
| Plone CMS | =3.1.5.1 | |
| Plone CMS | =3.1.6 | |
| Plone CMS | =3.1.7 | |
| Plone CMS | =3.2 | |
| Plone CMS | =3.2.1 | |
| Plone CMS | =3.2.2 | |
| Plone CMS | =3.2.3 | |
| Plone CMS | =3.3 | |
| Plone CMS | =3.3.1 | |
| Plone CMS | =3.3.2 | |
| Plone CMS | =3.3.3 | |
| Plone CMS | =3.3.4 | |
| Plone CMS | =3.3.5 | |
| Plone CMS | =4.0 | |
| Red Hat Conga | ||
| Red Hat Luci | ||
| All of | ||
| Any of | ||
| Plone CMS | =2.5 | |
| Plone CMS | =2.5.1 | |
| Plone CMS | =2.5.2 | |
| Plone CMS | =2.5.3 | |
| Plone CMS | =2.5.4 | |
| Plone CMS | =2.5.5 | |
| Plone CMS | =3.0 | |
| Plone CMS | =3.0.1 | |
| Plone CMS | =3.0.2 | |
| Plone CMS | =3.0.3 | |
| Plone CMS | =3.0.4 | |
| Plone CMS | =3.0.5 | |
| Plone CMS | =3.0.6 | |
| Plone CMS | =3.1 | |
| Plone CMS | =3.1.1 | |
| Plone CMS | =3.1.2 | |
| Plone CMS | =3.1.3 | |
| Plone CMS | =3.1.4 | |
| Plone CMS | =3.1.5.1 | |
| Plone CMS | =3.1.6 | |
| Plone CMS | =3.1.7 | |
| Plone CMS | =3.2 | |
| Plone CMS | =3.2.1 | |
| Plone CMS | =3.2.2 | |
| Plone CMS | =3.2.3 | |
| Plone CMS | =3.3 | |
| Plone CMS | =3.3.1 | |
| Plone CMS | =3.3.2 | |
| Plone CMS | =3.3.3 | |
| Plone CMS | =3.3.4 | |
| Plone CMS | =3.3.5 | |
| Plone CMS | =4.0 | |
| Any of | ||
| Red Hat Conga | ||
| Red Hat Luci |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://secunia.com/advisories/43146
- http://www.securityfocus.com/bid/46102
- http://plone.org/products/plone/security/advisories/cve-2011-0720
- http://osvdb.org/70753
- http://www.redhat.com/support/errata/RHSA-2011-0394.html
- http://www.redhat.com/support/errata/RHSA-2011-0393.html
- http://www.vupen.com/english/advisories/2011/0796
- http://secunia.com/advisories/43914
- http://www.securitytracker.com/id?1025258
- https://exchange.xforce.ibmcloud.com/vulnerabilities/65099
- https://access.redhat.com/security/cve/CVE-2011-0720
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0720
- http://xforce.iss.net/xforce/xfdb/65099
- http://plone.org/products/plone-hotfix/releases/CVE-2011-0720/
- https://rhn.redhat.com/errata/RHSA-2011-0394.html
- https://rhn.redhat.com/errata/RHSA-2011-0393.html
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=692661
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=692662
- https://bugzilla.redhat.com/show_bug.cgi?id=676961
- https://www.cve.org/CVERecord?id=CVE-2011-0720 https://nvd.nist.gov/vuln/detail/CVE-2011-0720
- https://access.redhat.com/errata/RHSA-2011:0393
- https://access.redhat.com/errata/RHSA-2011:0394
- https://www.redhat.com/security/data/cve/CVE-2011-0720.html
- https://nvd.nist.gov/vuln/detail/CVE-2011-0720
- https://plone.org/products/plone-hotfix/releases/CVE-2011-0720/logchecker.py
- https://seclists.org/fulldisclosure/2011/Apr/293
- https://web.archive.org/web/20110505051314/http://secunia.com/advisories/43914
- https://web.archive.org/web/20110826134658/http://secunia.com/advisories/43146
- https://web.archive.org/web/20200229153953/http://www.securityfocus.com/bid/46102
- https://github.com/advisories/GHSA-3v28-9jjp-4g5w (Advisory)
- https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2011-13.yaml
Frequently Asked Questions
What is the severity of CVE-2011-0720?
CVE-2011-0720 is classified as a critical vulnerability that can lead to serious security issues if not addressed.
How do I fix CVE-2011-0720?
To address CVE-2011-0720, update your Plone installation to version 4.0.4 or later, or apply the specific patches provided by your vendor.
Which versions of Plone are affected by CVE-2011-0720?
CVE-2011-0720 affects multiple versions of Plone from 2.5 to 4.0, including several intermediate versions.
What are some common impacts of CVE-2011-0720?
The impacts of CVE-2011-0720 may include unauthorized access to sensitive data and compromise of web applications.
Is there a workaround for CVE-2011-0720?
While updating is the recommended solution for CVE-2011-0720, you may also consider restricting access to vulnerable components as a temporary workaround.
- collector/nvd-historical
- collector/redhat-bugzilla
- alias/CVE-2011-0720
- collector/redhat-cve
- agent/type
- agent/first-publish-date
- agent/weakness
- agent/description
- agent/author
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/event
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-3v28-9jjp-4g5w
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/severity
- agent/references
- collector/github-advisory
- agent/trending
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-cve
- source/NVD
- package-manager/redhat
- package-manager/pip
- vendor/plone
- canonical/plone cms
- version/plone cms/2.5
- version/plone cms/2.5.1
- version/plone cms/2.5.2
- version/plone cms/2.5.3
- version/plone cms/2.5.4
- version/plone cms/2.5.5
- version/plone cms/3.0
- version/plone cms/3.0.1
- version/plone cms/3.0.2
- version/plone cms/3.0.3
- version/plone cms/3.0.4
- version/plone cms/3.0.5
- version/plone cms/3.0.6
- version/plone cms/3.1
- version/plone cms/3.1.1
- version/plone cms/3.1.2
- version/plone cms/3.1.3
- version/plone cms/3.1.4
- version/plone cms/3.1.5.1
- version/plone cms/3.1.6
- version/plone cms/3.1.7
- version/plone cms/3.2
- version/plone cms/3.2.1
- version/plone cms/3.2.2
- version/plone cms/3.2.3
- version/plone cms/3.3
- version/plone cms/3.3.1
- version/plone cms/3.3.2
- version/plone cms/3.3.3
- version/plone cms/3.3.4
- version/plone cms/3.3.5
- version/plone cms/4.0
- vendor/redhat
- canonical/red hat conga
- canonical/red hat luci