CVE-2014-3416 — MEDIUM (6.5)

Q: How severe is CVE-2014-3416?

CVE-2014-3416 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2014-3416?

Check the references section above for vendor advisories and patch information. Affected products include: Jasig Uportal.

Vulnerability Description

uPortal before 4.0.13.1 does not properly check the MANAGE permissions, which allows remote authenticated users to manage arbitrary portlets by leveraging the SUBSCRIBE permission for the portlet-admin portlet.

CVSS Score

6.5

MEDIUM

AV:N/AC:L/Au:S/C:P/I:P/A:P

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Jasig	Uportal	<= 4.0.13

Related Weaknesses (CWE)

CWE-264

References

http://www.jasig.org/uportal/download/uportal-4-0-13-1PatchVendor Advisory
https://issues.jasig.org/browse/UP-4105
http://www.jasig.org/uportal/download/uportal-4-0-13-1PatchVendor Advisory
https://issues.jasig.org/browse/UP-4105

FAQ

What is CVE-2014-3416?

CVE-2014-3416 is a vulnerability with a CVSS score of 6.5 (MEDIUM). uPortal before 4.0.13.1 does not properly check the MANAGE permissions, which allows remote authenticated users to manage arbitrary portlets by leveraging the SUBSCRIBE permission for the portlet-admi...

How severe is CVE-2014-3416?

CVE-2014-3416 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2014-3416?

Check the references section above for vendor advisories and patch information. Affected products include: Jasig Uportal.