Redhat Jboss Portal vulnerabilities

5 known vulnerabilities affecting redhat/jboss_portal.

Total CVEs: 5
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 1, MEDIUM 3

Vulnerabilities

CVE-2011-2487 | MEDIUM | CVSS 5.9 | v4.0.0 | 2020-03-11
CWE-327. The implementations of PKCS#1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache WSS4J before 1.6.5 are susceptible to a Bleichenbacher attack.
nvd
CVE-2012-5626 | HIGH | CVSS 7.5 | v4.0.0, v5.0.0 | 2020-01-23
EJB method in Red Hat JBoss BRMS 5; Red Hat JBoss Enterprise Application Platform 5; Red Hat JBoss Operations Network 3.1; Red Hat JBoss Portal 4 and 5; Red Hat JBoss SOA Platform 4.2, 4.3, and 5; in Red Hat JBoss Enterprise Web Server 1 ignores roles specified using the @RunAs annotation.
nvd
CVE-2014-0245 | MEDIUM | CVSS 5.9 | v6.2.0 | 2020-01-02
CWE-362. It was found that the implementation of the GTNSubjectCreatingInterceptor class in gatein-wsrp was not thread safe. For a specific WSRP endpoint, under high-concurrency scenarios or scenarios where SOAP messages take long to execute, it was possible for an unauthenticated remote attacker to gain privileged information if WS-Security is enabled for the
nvd
CVE-2015-7501 | CRITICAL | CVSS 9.8 | v6.0.0 | 2017-11-09
CWE-502. Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Server (JWS) 3.x; Red Hat OpenShift/xPAAS 3.x; and Red Ha
nvd
CVE-2015-5176 | MEDIUM | CVSS 5.8 | v6.2.0 | 2015-08-11
CWE-17. The PortletRequestDispatcher in PortletBridge, as used in Red Hat JBoss Portal 6.2.0, does not properly enforce the security constraints of servlets, which allows remote attackers to gain access to resources via a request that asks to render a non-JSF resource.
nvd