PT-2015-6120 · Red Hat · Red Hat JBoss Portal

Published: 2015-07-16 · Updated: 2016-11-28 · CVE-2015-3244

CVSS v2.0: 4.9 (Medium)

Vector: AV:N/AC:M/Au:S/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Red Hat JBoss Portal version 6.2.0

Description

The issue allows remote attackers to obtain sensitive information via a URL with a modified resource ID, due to improper restriction of access to restricted resources in the Portlet Bridge for JavaServer Faces when used in portlets with the default resource serving for GenericPortlet.

Recommendations

For Red Hat JBoss Portal version 6.2.0, update the configuration to properly restrict access to restricted resources, or apply a patch if available, to prevent remote attackers from obtaining sensitive information.

Fix

Weakness Enumeration

Related Identifiers

CVE-2015-3244

Affected Products

Red Hat JBoss Portal