CVE-2013-0314

High

Description

The GateIn Portal export/import gadget in JBoss Enterprise Portal Platform 5.2.2 does not properly check authentication when importing Zip files, which allows remote attackers to modify site contents, remove the site, or alter the access controls for portlets.

References

https://bugzilla.redhat.com/show_bug.cgi?id=913327

http://www.osvdb.org/91120

http://secunia.com/advisories/52552

http://rhn.redhat.com/errata/RHSA-2013-0613.html

Details

Source: Mitre, NVD

Published: 2013-04-12

Updated: 2013-04-15

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Severity: High