CVE-2013-0315 — Redhat Jboss Enterprise Portal Platform vulnerability

CWE-2645 documents5 sources

Severity

5.0MEDIUMNVD

EPSS

0.3%

top 42.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Jboss Enterprise Portal Platform

Timeline

PublishedApr 12

Latest updateMay 5

Description

The GateIn Portal export/import gadget in JBoss Enterprise Portal Platform 5.2.2 allows remote attackers to read arbitrary files via a crafted external XML entity in an XML document, aka an XML Entity Expansion (XEE) attack.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDredhat/jboss_enterprise_portal_platform5.2.2

🔴Vulnerability Details

GHSA

GHSA-rphh-qhqw-93pr: The GateIn Portal export/import gadget in JBoss Enterprise Portal Platform 5↗2022-05-05

▶

CVEList

CVE-2013-0315: The GateIn Portal export/import gadget in JBoss Enterprise Portal Platform 5↗2013-04-12

▶

📋Vendor Advisories

Red Hat

Portal: XML eXternal Entity (XXE) flaw in site import↗2013-03-07

▶

💬Community

Bugzilla

CVE-2013-0315 GateIn Portal: XML eXternal Entity (XXE) flaw in site import↗2013-02-21

▶