CVE-2013-0314

Redhat Jboss Enterprise Portal Platform - Authentication Bypass

Title source: rule

Description

The GateIn Portal export/import gadget in JBoss Enterprise Portal Platform 5.2.2 does not properly check authentication when importing Zip files, which allows remote attackers to modify site contents, remove the site, or alter the access controls for portlets.

References (4)

[Vendor Advisory] http://rhn.redhat.com/errata/RHSA-2013-0613.html

[Vendor Advisory] http://secunia.com/advisories/52552

[Third Party Advisory, VDB Entry] http://www.osvdb.org/91120

[Issue Tracking] https://bugzilla.redhat.com/show_bug.cgi?id=913327

Scores

EPSS 0.0064

EPSS Percentile 70.2%

Classification

CWE

CWE-287

Status draft

Affected Products (1)

redhat/jboss_enterprise_portal_platform

Timeline

Published Apr 12, 2013

Tracked Since Feb 18, 2026