CVE-2013-0314

JBoss Enterprise Portal Platform 5.2.2 - Improper Authentication in GateIn Portal Export/Import Gadget

Title source: llm
STIX 2.1

Description

The GateIn Portal export/import gadget in JBoss Enterprise Portal Platform 5.2.2 does not properly check authentication when importing Zip files, which allows remote attackers to modify site contents, remove the site, or alter the access controls for portlets.

References (4)

Core 4
Core References
Issue Tracking x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=913327
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/52552
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/91120
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-0613.html

Scores

EPSS 0.0163
EPSS Percentile 73.3%

Details

CWE
CWE-287
Status published
Products (1)
redhat/jboss_enterprise_portal_platform 5.2.2
Published Apr 12, 2013
Tracked Since Feb 18, 2026