CVE-2013-0315

Name of the Vulnerable Software and Affected Versions JBoss Enterprise Portal Platform version 5.2.2

Description The issue allows remote attackers to read arbitrary files via a crafted external XML entity in an XML document, specifically through an XML Entity Expansion (XEE) attack. This is related to the GateIn Portal export/import gadget.

Recommendations For JBoss Enterprise Portal Platform version 5.2.2, consider restricting access to the GateIn Portal export/import gadget until a patch is available. As a temporary workaround, disabling the import/export functionality of the gadget can help minimize the risk of exploitation.