CVE-2011-4030

The CMFEditions component 2.x in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2 does not prevent the KwAsAttributes classes from being publishable, which allows remote attackers to access sub-objects via unspecified vectors, a different vulnerability than CVE-2011-3587.

Published: 2011-10-10 Last update: 2026-06-16 Assigner: [email protected] Source: [email protected]

Conclusion & alert: CVE-2011-4030 is rated High Risk (65.3/100): CVSS Critical severity, with medium exploitation likelihood (EPSS 1.97%). Mandatory action: High exploitation likelihood—assess exposure and prioritize remediation.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2011-4030

EPSS is estimated daily and expresses the relative likelihood that a vulnerability will be exploited; the percentile ranks this CVE among all scored vulnerabilities (a higher percentile means a more severe relative rank).

#  Date        Old EPSS score  New EPSS score  Delta (New - Old)
1  2026-06-15  1.07%           1.97%           +0.91%
2  2025-03-30  2.01%           1.07%           -0.94%
3  2025-03-29                  2.01%

Full EPSS history (6 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2011-4030

CVSS metrics for this CVE.

Base score  Version  Severity  Vector                      Exploitability  Impact  Score source
9.3         2.0      HIGH      AV:N/AC:M/Au:N/C:C/I:C/A:C  8.6             10.0    [email protected]

Vector breakdown:
Access vector (AV:N): exploitable remotely over the network.
Access complexity (AC:M): exploitation needs some favourable conditions, but not exceptional ones.
Authentication (Au:N): no authentication is required.
Confidentiality impact (C:C): complete confidentiality impact.
Integrity impact (I:C): complete integrity impact.
Availability impact (A:C): complete availability impact.

Weakness enumeration for CVE-2011-4030

GitHub Security Advisory for CVE-2011-4030

GHSA-pwgm-jvqv-6v8p · Severity: high · Ecosystem: pip — Plone anonymous access to sub-objects in CMFEditions where KwAsAttributes classes were publishable

OS Trackers for CVE-2011-4030

Vendor  Priority  Summary link
redhat  low       https://access.redhat.com/security/cve/CVE-2011-4030

Affected software / configurations for CVE-2011-4030

Vendor  Product      Version  Raw CPE
plone cmfeditions 2.0a1 cpe:2.3:a:plone:cmfeditions:2.0a1:*:*:*:*:*:*:*
plone cmfeditions 2.0b1 cpe:2.3:a:plone:cmfeditions:2.0b1:*:*:*:*:*:*:*
plone cmfeditions 2.0b2 cpe:2.3:a:plone:cmfeditions:2.0b2:*:*:*:*:*:*:*
plone cmfeditions 2.0b3 cpe:2.3:a:plone:cmfeditions:2.0b3:*:*:*:*:*:*:*
plone cmfeditions 2.0b4 cpe:2.3:a:plone:cmfeditions:2.0b4:*:*:*:*:*:*:*
plone cmfeditions 2.0b5 cpe:2.3:a:plone:cmfeditions:2.0b5:*:*:*:*:*:*:*
plone cmfeditions 2.0b6 cpe:2.3:a:plone:cmfeditions:2.0b6:*:*:*:*:*:*:*
plone cmfeditions 2.0b7 cpe:2.3:a:plone:cmfeditions:2.0b7:*:*:*:*:*:*:*
plone cmfeditions 2.0b8 cpe:2.3:a:plone:cmfeditions:2.0b8:*:*:*:*:*:*:*
plone cmfeditions 2.0b9 cpe:2.3:a:plone:cmfeditions:2.0b9:*:*:*:*:*:*:*
plone plone 4.0 cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*
plone plone 4.0.1 cpe:2.3:a:plone:plone:4.0.1:*:*:*:*:*:*:*
plone plone 4.0.2 cpe:2.3:a:plone:plone:4.0.2:*:*:*:*:*:*:*
plone plone 4.0.3 cpe:2.3:a:plone:plone:4.0.3:*:*:*:*:*:*:*
plone plone 4.0.4 cpe:2.3:a:plone:plone:4.0.4:*:*:*:*:*:*:*
plone plone 4.0.5 cpe:2.3:a:plone:plone:4.0.5:*:*:*:*:*:*:*
plone plone 4.0.6.1 cpe:2.3:a:plone:plone:4.0.6.1:*:*:*:*:*:*:*
plone plone 4.0.7 cpe:2.3:a:plone:plone:4.0.7:*:*:*:*:*:*:*
plone plone 4.0.8 cpe:2.3:a:plone:plone:4.0.8:*:*:*:*:*:*:*
plone plone 4.0.9 cpe:2.3:a:plone:plone:4.0.9:*:*:*:*:*:*:*
plone plone 4.1 cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*
plone plone 4.2 cpe:2.3:a:plone:plone:4.2:*:*:*:*:*:*:*
plone plone 4.2a1 cpe:2.3:a:plone:plone:4.2a1:*:*:*:*:*:*:*
plone plone 4.2a2 cpe:2.3:a:plone:plone:4.2a2:*:*:*:*:*:*:*

References for CVE-2011-4030
