Auth bypass in Redhat Jboss_enterprise_portal_platform
CVE-2013-0314
The GateIn Portal export/import gadget in JBoss Enterprise Portal Platform 5.2.2 does not properly check authentication when importing Zip files, which allows remote attackers to modify site contents, remove the site, or alter the access c…
Vulnerability class: Broken Authentication
EPSS: 0.006 (70.9th percentile) — read the EPSS interpretation.
Affected products
- Redhat Jboss_enterprise_portal_platform — versions 5.2.2
- N/a — versions n/a
Weakness classification (CWE)
References
- secalert@redhat.com (x_refsource_MISC)
- 52552 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
- 91120 (x_refsource_OSVDB, vdb-entry)
- RHSA-2013:0613 (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)