Vulnerability Description
The GateIn Portal export/import gadget in JBoss Enterprise Portal Platform 5.2.2 does not properly check authentication when importing Zip files, which allows remote attackers to modify site contents, remove the site, or alter the access controls for portlets.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Jboss Enterprise Portal Platform | 5.2.2 |
Related Weaknesses (CWE)
References
- http://rhn.redhat.com/errata/RHSA-2013-0613.htmlVendor Advisory
- http://secunia.com/advisories/52552Vendor Advisory
- http://www.osvdb.org/91120
- https://bugzilla.redhat.com/show_bug.cgi?id=913327
- http://rhn.redhat.com/errata/RHSA-2013-0613.htmlVendor Advisory
- http://secunia.com/advisories/52552Vendor Advisory
- http://www.osvdb.org/91120
- https://bugzilla.redhat.com/show_bug.cgi?id=913327
FAQ
What is CVE-2013-0314?
CVE-2013-0314 is a vulnerability with a CVSS score of 7.5 (HIGH). The GateIn Portal export/import gadget in JBoss Enterprise Portal Platform 5.2.2 does not properly check authentication when importing Zip files, which allows remote attackers to modify site contents,...
How severe is CVE-2013-0314?
CVE-2013-0314 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-0314?
Check the references section above for vendor advisories and patch information. Affected products include: Redhat Jboss Enterprise Portal Platform.