{"api_version":"1","generated_at":"2026-05-08T04:41:11+00:00","cve":"CVE-2013-4197","urls":{"html":"https://cve.report/CVE-2013-4197","api":"https://cve.report/api/cve/CVE-2013-4197.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2013-4197","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2013-4197"},"summary":{"title":"CVE-2013-4197","description":"member_portrait.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote authenticated users to modify or delete portraits of other users via unspecified vectors.","state":"PUBLISHED","assigner":"redhat","published_at":"2014-03-11 19:37:02","updated_at":"2026-05-06 22:30:45"},"problem_types":["CWE-20","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"5.5","severity":"","vector":"AV:N/AC:L/Au:S/C:N/I:P/A:P","data":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:N/I:P/A:P","baseScore":5.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"}}],"references":[{"url":"http://seclists.org/oss-sec/2013/q3/261","name":"http://seclists.org/oss-sec/2013/q3/261","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"oss-sec: Re: CVE Request -- Plone: 20130618 Hotfix (multiple vectors)","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://plone.org/products/plone/security/advisories/20130618-announcement","name":"http://plone.org/products/plone/security/advisories/20130618-announcement","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Security vulnerability announcement: 20130618 - Multiple vectors — Plone CMS: Open Source Content Management","mime":"text/html","httpstatus":"404","archivestatus":"200"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=978478","name":"https://bugzilla.redhat.com/show_bug.cgi?id=978478","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"978478 – (CVE-2013-4197) CVE-2013-4197 plone: Authenticated users able to modify / delete portraits of other users (member_portrait.py)","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://plone.org/products/plone-hotfix/releases/20130618","name":"http://plone.org/products/plone-hotfix/releases/20130618","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"],"title":"Plone Hotfix 20130618 — Plone CMS: Open Source Content Management","mime":"text/html","httpstatus":"404","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2013-4197","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4197","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2013","cve_id":"4197","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"plone","cpe5":"plone","cpe6":"2.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4197","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"plone","cpe5":"plone","cpe6":"2.1.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4197","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"plone","cpe5":"plone","cpe6":"2.1.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4197","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"plone","cpe5":"plone","cpe6":"2.1.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4197","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"plone","cpe5":"plone","cpe6":"2.1.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4197","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"plone","cpe5":"plone","cpe6":"2.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4197","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"plone","cpe5":"plone","cpe6":"2.5.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4197","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"plone","cpe5":"plone","cpe6":"2.5.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4197","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"plone","cpe5":"plone","cpe6":"2.5.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4197","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"plone","cpe5":"plone","cpe6":"2.5.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4197","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"plone","cpe5":"plone","cpe6":"2.5.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4197","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"plone","cpe5":"plone","cpe6":"3.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4197","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"plone","cpe5":"plone","cpe6":"3.0.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4197","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"plone","cpe5":"plone","cpe6":"3.0.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4197","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"plone","cpe5":"plone","cpe6":"3.0.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4197","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"plone","cpe5":"plone","cpe6":"3.0.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4197","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"plone","cpe5":"plone","cpe6":"3.0.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4197","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"plone","cpe5":"plone","cpe6":"3.0.6","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4197","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"plone","cpe5":"plone","cpe6":"3.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4197","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"plone","cpe5":"plone","cpe6":"3.1.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4197","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"plone","cpe5":"plone","cpe6":"3.1.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4197","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"plone","cpe5":"plone","cpe6":"3.1.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4197","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"plone","cpe5":"plone","cpe6":"3.1.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4197","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"plone","cpe5":"plone","cpe6":"3.1.5.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4197","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"plone","cpe5":"plone","cpe6":"3.1.6","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4197","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"plone","cpe5":"plone","cpe6":"3.1.7","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4197","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"plone","cpe5":"plone","cpe6":"3.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4197","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"plone","cpe5":"plone","cpe6":"3.2.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4197","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"plone","cpe5":"plone","cpe6":"3.2.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4197","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"plone","cpe5":"plone","cpe6":"3.2.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4197","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"plone","cpe5":"plone","cpe6":"3.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4197","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"plone","cpe5":"plone","cpe6":"3.3.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4197","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"plone","cpe5":"plone","cpe6":"3.3.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4197","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"plone","cpe5":"plone","cpe6":"3.3.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4197","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"plone","cpe5":"plone","cpe6":"3.3.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4197","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"plone","cpe5":"plone","cpe6":"3.3.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4197","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"plone","cpe5":"plone","cpe6":"4.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4197","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"plone","cpe5":"plone","cpe6":"4.0.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4197","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"plone","cpe5":"plone","cpe6":"4.0.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4197","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"plone","cpe5":"plone","cpe6":"4.0.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4197","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"plone","cpe5":"plone","cpe6":"4.0.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4197","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"plone","cpe5":"plone","cpe6":"4.0.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4197","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"plone","cpe5":"plone","cpe6":"4.0.6.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4197","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"plone","cpe5":"plone","cpe6":"4.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4197","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"plone","cpe5":"plone","cpe6":"4.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4197","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"plone","cpe5":"plone","cpe6":"4.2.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4197","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"plone","cpe5":"plone","cpe6":"4.2.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4197","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"plone","cpe5":"plone","cpe6":"4.2.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4197","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"plone","cpe5":"plone","cpe6":"4.2.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4197","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"plone","cpe5":"plone","cpe6":"4.2.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4197","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"plone","cpe5":"plone","cpe6":"4.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4197","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"plone","cpe5":"plone","cpe6":"4.3.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-06T16:38:01.422Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://plone.org/products/plone/security/advisories/20130618-announcement"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://plone.org/products/plone-hotfix/releases/20130618"},{"name":"[oss-security] 20130801 Re: CVE Request -- Plone: 20130618 Hotfix (multiple vectors)","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"http://seclists.org/oss-sec/2013/q3/261"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=978478"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2013-08-01T00:00:00.000Z","descriptions":[{"lang":"en","value":"member_portrait.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote authenticated users to modify or delete portraits of other users via unspecified vectors."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2014-03-11T14:57:01.000Z","orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat"},"references":[{"tags":["x_refsource_CONFIRM"],"url":"http://plone.org/products/plone/security/advisories/20130618-announcement"},{"tags":["x_refsource_CONFIRM"],"url":"http://plone.org/products/plone-hotfix/releases/20130618"},{"name":"[oss-security] 20130801 Re: CVE Request -- Plone: 20130618 Hotfix (multiple vectors)","tags":["mailing-list","x_refsource_MLIST"],"url":"http://seclists.org/oss-sec/2013/q3/261"},{"tags":["x_refsource_CONFIRM"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=978478"}]}},"cveMetadata":{"assignerOrgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","assignerShortName":"redhat","cveId":"CVE-2013-4197","datePublished":"2014-03-11T15:00:00.000Z","dateReserved":"2013-06-12T00:00:00.000Z","dateUpdated":"2024-08-06T16:38:01.422Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2014-03-11 19:37:02","lastModifiedDate":"2026-05-06 22:30:45","problem_types":["CWE-20","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:N/I:P/A:P","baseScore":5.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.2:*:*:*:*:*:*:*","matchCriteriaId":"1F1818BB-E23A-4136-898D-1D0C80C08728"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.2.1:*:*:*:*:*:*:*","matchCriteriaId":"5CB06627-133A-40D1-8816-E31E0A9BAD22"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.2.2:*:*:*:*:*:*:*","matchCriteriaId":"AE7E448A-2C0C-4DE0-89EA-904718CB6C6D"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.2.3:*:*:*:*:*:*:*","matchCriteriaId":"6E727C5C-9E54-49F7-B92C-2492069AAE08"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.2.4:*:*:*:*:*:*:*","matchCriteriaId":"BFD68465-4CDC-4788-8932-41335B5C4AC8"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.2.5:*:*:*:*:*:*:*","matchCriteriaId":"A7B739E0-FB73-401C-AB1A-E3C1434AA2A3"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.3:*:*:*:*:*:*:*","matchCriteriaId":"CE168A35-1A46-4A6F-8A08-25CDD886066D"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.3.1:*:*:*:*:*:*:*","matchCriteriaId":"CFE0FC06-369B-46CF-9B1E-BAF7AF87E950"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:2.1:*:*:*:*:*:*:*","matchCriteriaId":"08747064-EC22-40B4-92EF-4640788FE55D"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:2.1.1:*:*:*:*:*:*:*","matchCriteriaId":"A4EB85E3-9A76-4B79-AF7D-91484784A2EF"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:2.1.2:*:*:*:*:*:*:*","matchCriteriaId":"78755057-2613-4D5E-8F59-2C117EE282B6"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:2.1.3:*:*:*:*:*:*:*","matchCriteriaId":"D49359CD-63EF-4D3A-92DC-C16DEE88138B"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:2.1.4:*:*:*:*:*:*:*","matchCriteriaId":"9DE940BA-B784-4193-AB77-333F15B6C32D"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:2.5:*:*:*:*:*:*:*","matchCriteriaId":"9762C674-380B-4831-BBA1-3B27742121B0"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:2.5.1:*:*:*:*:*:*:*","matchCriteriaId":"3D938645-80CE-4287-830E-A3BD0C5C84FB"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:2.5.2:*:*:*:*:*:*:*","matchCriteriaId":"BB0F7BFC-DC20-46B3-90E7-264E3A8A7886"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:2.5.3:*:*:*:*:*:*:*","matchCriteriaId":"F2C09C10-AEA0-41F4-B964-507B40580BE9"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:2.5.4:*:*:*:*:*:*:*","matchCriteriaId":"7B60568E-A688-46AF-B627-062A029A7324"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:2.5.5:*:*:*:*:*:*:*","matchCriteriaId":"8B635DAD-AC53-4484-8750-200B662DAFD1"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:3.0:*:*:*:*:*:*:*","matchCriteriaId":"0B647E76-E8B8-4329-8848-3B90EB262807"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:3.0.1:*:*:*:*:*:*:*","matchCriteriaId":"0D0A6B8F-4018-44DC-9862-45309619DC6D"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:3.0.2:*:*:*:*:*:*:*","matchCriteriaId":"0F10374F-2BB3-48D2-B19F-9B2D038A8E35"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:3.0.3:*:*:*:*:*:*:*","matchCriteriaId":"FEAC4F93-D26C-48F3-A7FF-8DC008FC2671"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:3.0.4:*:*:*:*:*:*:*","matchCriteriaId":"552661B7-093D-4B3C-8770-FCDE6032AA17"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:3.0.5:*:*:*:*:*:*:*","matchCriteriaId":"5180F9D2-E44B-455D-968C-792026AC832A"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:3.0.6:*:*:*:*:*:*:*","matchCriteriaId":"636226E4-B880-41FE-A727-EF56CF8E6249"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:3.1:*:*:*:*:*:*:*","matchCriteriaId":"BF6E934A-C344-4861-8CD4-D18D52672D5C"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:3.1.1:*:*:*:*:*:*:*","matchCriteriaId":"25780BBE-8013-4100-9EA8-7EFC244399A0"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:3.1.2:*:*:*:*:*:*:*","matchCriteriaId":"A089ED64-07E6-4F4C-97AE-AF74269A4DB1"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:3.1.3:*:*:*:*:*:*:*","matchCriteriaId":"EF2334C9-9B34-4C7D-93A2-172E596E05C6"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:3.1.4:*:*:*:*:*:*:*","matchCriteriaId":"354046F4-FA55-4AFC-935A-C803D36CDE86"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:3.1.5.1:*:*:*:*:*:*:*","matchCriteriaId":"DF1496A7-6D0A-4970-B0BF-83758065BC6A"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:3.1.6:*:*:*:*:*:*:*","matchCriteriaId":"47DEF57C-92F0-4999-AF8E-CEE27EE92CD6"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:3.1.7:*:*:*:*:*:*:*","matchCriteriaId":"4BED4241-D823-402A-A389-7E52C410E2F7"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:3.2:*:*:*:*:*:*:*","matchCriteriaId":"CE9A55E6-F265-4BB8-8683-3E0CFA01EC73"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:3.2.1:*:*:*:*:*:*:*","matchCriteriaId":"970FD910-50A4-478A-ADE6-EB912C261DAD"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:3.2.2:*:*:*:*:*:*:*","matchCriteriaId":"0A490523-1063-44E4-A72A-C23070279181"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:3.2.3:*:*:*:*:*:*:*","matchCriteriaId":"D8559F17-63D1-45DB-8A28-47F729DC6686"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:3.3:*:*:*:*:*:*:*","matchCriteriaId":"FDC93803-6506-4382-A013-18010EE7E06B"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:3.3.1:*:*:*:*:*:*:*","matchCriteriaId":"E65977FD-A880-4D16-B56B-94A72774F42D"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:3.3.2:*:*:*:*:*:*:*","matchCriteriaId":"4EA5B4F8-2155-403D-97D8-1272285D508B"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:3.3.3:*:*:*:*:*:*:*","matchCriteriaId":"A3CA2943-77E5-4384-A019-415BBCE62F94"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:3.3.4:*:*:*:*:*:*:*","matchCriteriaId":"B7FF63F6-F1DC-4A97-A2E6-11CF613A31E8"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:3.3.5:*:*:*:*:*:*:*","matchCriteriaId":"538A3519-5B04-4FE5-A3C0-FD26EFA32705"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*","matchCriteriaId":"F3306D84-0F5B-46BA-9BCC-DCD0A1CDD604"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.0.1:*:*:*:*:*:*:*","matchCriteriaId":"E08F4534-A588-463F-A745-39E559AB1CB8"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.0.2:*:*:*:*:*:*:*","matchCriteriaId":"B64341BA-5722-415E-9771-9837168AB7C0"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.0.3:*:*:*:*:*:*:*","matchCriteriaId":"E2929227-AE19-428D-9AC3-D312A559039B"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.0.4:*:*:*:*:*:*:*","matchCriteriaId":"3B6DC866-0FEE-475B-855C-A69E004810CD"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.0.5:*:*:*:*:*:*:*","matchCriteriaId":"50BF3E8E-152C-4E89-BAA2-A952D10F4611"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.0.6.1:*:*:*:*:*:*:*","matchCriteriaId":"49DB97A7-89DD-43C0-A490-84AA7069764B"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*","matchCriteriaId":"7C44B53B-953B-4522-A5B4-11573850D2CD"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2013","CveId":"4197","Ordinal":"1","Title":"CVE-2013-4197","CVE":"CVE-2013-4197","Year":"2013"},"notes":[{"CveYear":"2013","CveId":"4197","Ordinal":"1","NoteData":"member_portrait.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote authenticated users to modify or delete portraits of other users via unspecified vectors.","Type":"Description","Title":"CVE-2013-4197"},{"CveYear":"2013","CveId":"4197","Ordinal":"2","NoteData":"2014-03-11","Type":"Other","Title":"Published"},{"CveYear":"2013","CveId":"4197","Ordinal":"3","NoteData":"2014-03-11","Type":"Other","Title":"Modified"}]}}}