PT-2013-2226 · Red Hat · Jboss Enterprise Portal Platform

Nick Scavelli · Published 2013-04-12 · Updated 2013-04-15 · CVE-2013-0314

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: JBoss Enterprise Portal Platform version 5.2.2

Description: The issue concerns the GateIn Portal export/import gadget, which fails to properly check authentication when importing Zip files. This allows remote attackers to modify site contents, remove the site, or alter the access controls for portlets.

Recommendations: For JBoss Enterprise Portal Platform version 5.2.2, consider restricting access to the import functionality of the GateIn Portal export/import gadget until a proper fix is available, to minimize the risk of unauthorized modifications to site contents or access controls.

Fix

Improper Authentication

Weakness Enumeration

Related Identifiers: CVE-2013-0314

Affected Products: Jboss Enterprise Portal Platform