CVE-2013-0314 — Improper Authentication in Redhat Jboss Enterprise Portal Platform

CWE-287 — Improper Authentication CWE-306 — Missing Authentication for Critical Function5 documents5 sources

Severity

7.5HIGHNVD

EPSS

0.6%

top 29.48%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Jboss Enterprise Portal Platform

Timeline

PublishedApr 12

Latest updateMay 5

Description

The GateIn Portal export/import gadget in JBoss Enterprise Portal Platform 5.2.2 does not properly check authentication when importing Zip files, which allows remote attackers to modify site contents, remove the site, or alter the access controls for portlets.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDredhat/jboss_enterprise_portal_platform5.2.2

🔴Vulnerability Details

GHSA

GHSA-5gr9-q682-676m: The GateIn Portal export/import gadget in JBoss Enterprise Portal Platform 5↗2022-05-05

▶

CVEList

CVE-2013-0314: The GateIn Portal export/import gadget in JBoss Enterprise Portal Platform 5↗2013-04-12

▶

📋Vendor Advisories

Red Hat

Portal: remote unauthenticated site import↗2013-03-07

▶

💬Community

Bugzilla

CVE-2013-0314 GateIn Portal: remote unauthenticated site import↗2013-02-21

▶