Vulnerabilities > GE > Intelligent Platforms Proficy Real Time Information Portal > Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2013-01-27	CVE-2013-0652	Permissions, Privileges, and Access Controls vulnerability in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6/3.0/3.5 GE Intelligent Platforms Proficy Real-Time Information Portal does not restrict access to methods of an unspecified Java class, which allows remote attackers to obtain a username listing via an RMI call. network low complexity ge CWE-264	5.0
2013-01-27	CVE-2013-0651	Permissions, Privileges, and Access Controls vulnerability in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6/3.0/3.5 The Portal installation process in GE Intelligent Platforms Proficy Real-Time Information Portal stores sensitive information under the web root with insufficient access control, which allows remote attackers to read configuration files, and discover data-source credentials, via a direct request. network low complexity ge CWE-264	5.0
2012-03-15	CVE-2012-0232	Path Traversal vulnerability in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6/3.0/3.5 Directory traversal vulnerability in rifsrvd.exe in the Remote Interface Service in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6, 3.0, 3.0 SP1, and 3.5 allows remote attackers to modify the configuration via crafted strings. network low complexity ge CWE-22	6.4

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.