PT-2013-2226 · Red Hat · JBoss Enterprise Portal Platform

Nick Scavelli · Published 2013-04-12 · Updated 2013-04-15 · CVE-2013-0314

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

JBoss Enterprise Portal Platform version 5.2.2

Description

The issue concerns the GateIn Portal export/import gadget, which fails to properly check authentication when importing Zip files. This allows remote attackers to modify site contents, remove the site, or alter the access controls for portlets.

Recommendations

For JBoss Enterprise Portal Platform version 5.2.2, consider restricting access to the import functionality of the GateIn Portal export/import gadget until a proper fix is available, to minimize the risk of unauthorized modifications to site contents or access controls.

Fix

Improper Authentication

Weakness Enumeration

Related Identifiers

CVE-2013-0314

Affected Products

JBoss Enterprise Portal Platform