CVE-2011-2528

high

Description

Unspecified vulnerability in (1) Zope 2.12.x before 2.12.19 and 2.13.x before 2.13.8, as used in Plone 4.x and other products, and (2) PloneHotfix20110720 for Plone 3.x allows attackers to gain privileges via unspecified vectors, related to a "highly serious vulnerability." NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-0720.

References

https://mail.zope.org/pipermail/zope-announce/2011-June/002260.html

https://bugzilla.redhat.com/show_bug.cgi?id=718824

http://www.openwall.com/lists/oss-security/2011/07/12/9

http://www.openwall.com/lists/oss-security/2011/07/04/6

http://secunia.com/advisories/45111

http://secunia.com/advisories/45056

http://plone.org/products/plone/security/advisories/20110622

http://plone.org/products/plone-hotfix/releases/20110622

Details

Source: Mitre, NVD

Published: 2011-07-19

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 7.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Severity: High

EPSS

EPSS: 0.00593