CVE-2011-2528
High severity vulnerability that affects Plone and Zope2
EPSS 0.59%
Description
Unspecified vulnerability in (1) Zope 2.12.x before 2.12.19 and 2.13.x before 2.13.8, as used in Plone 4.x and other products, and (2) PloneHotfix20110720 for Plone 3.x allows attackers to gain privileges via unspecified vectors, related to a "highly serious vulnerability." NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-0720.
How to fix CVE-2011-2528
To remediate CVE-2011-2528, upgrade each affected package to the fixed version listed below.
- PyPI/plone—upgrade to 3.3.6 or later
- —upgrade to 3.3.6 or later
- —no fix listed
- —upgrade to 2.12.19 or later
Is CVE-2011-2528 being exploited?
Low — EPSS is 0.6%, meaning exploitation activity has not been observed at scale.
Affected packages (4)
- >= 3.3.2, < 3.3.6
- >= 3.3.2, < 3.3.6
- from 0, <= 3.0, <= 3.0.1, <= 3.0.2, <= 3.0.3, <= 3.0.4, <= 3.0.5, <= 3.0.6, <= 3.1, <= 3.1.1, <= 3.1.2, <= 3.1.3, <= 3.1.4, <= 3.1.5.1, <= 3.1.6, <= 3.1.7, <= 3.2, <= 3.2.1, <= 3.2.2, <= 3.2.3, <= 3.3, <= 3.3.1, <= 3.3.2, <= 3.3.3, <= 3.3.4, <= 3.3.5, <= 3.3.6, <= 4.0, <= 4.0.1, <= 4.0.2, <= 4.0.3, <= 4.0.4, <= 4.0.5, <= 4.0.6.1, <= 4.0.7, <= 4.0.8, <= 4.1, <= 2.12.0, <= 2.12.0-a1, <= 2.12.0-a2, <= 2.12.0-a3, <= 2.12.0-a4, <= 2.12.0-b1, <= 2.12.0-b2, <= 2.12.0-b3, <= 2.12.0-b4, <= 2.12.1, <= 2.12.2, <= 2.12.3, <= 2.12.4, <= 2.12.5, <= 2.12.6, <= 2.12.7, <= 2.12.8, <= 2.12.9, <= 2.12.10, <= 2.12.11, <= 2.12.12, <= 2.12.13, <= 2.12.14, <= 2.12.15, <= 2.12.16, <= 2.12.17, <= 2.12.18, <= 2.13.0, <= 2.13.0-a1, <= 2.13.0-a2, <= 2.13.0-a3, <= 2.13.0-a4, <= 2.13.0-b1, <= 2.13.0-c1, <= 2.13.1, <= 2.13.2, <= 2.13.3, <= 2.13.4, <= 2.13.5, <= 2.13.6, <= 2.13.7
- >= 2.12.0, < 2.12.19