Vulnerabilities > Redhat > Jboss Enterprise Portal Platform

DATE CVE VULNERABILITY TITLE RISK
2015-07-16 CVE-2015-3244 Permissions, Privileges, and Access Controls vulnerability in Redhat Jboss Enterprise Portal Platform 6.2.0
The Portlet Bridge for JavaServer Faces in Red Hat JBoss Portal 6.2.0, when used in portlets with the default resource serving for GenericPortlet, does not properly restrict access to restricted resources, which allows remote attackers to obtain sensitive information via a URL with a modified resource ID.
network
redhat CWE-264
4.9
2014-12-11 CVE-2014-7852 Cross-Site Scripting vulnerability in Redhat Jboss Enterprise Portal Platform 6.1.1
Cross-site scripting (XSS) vulnerability in JBoss RichFaces, as used in JBoss Portal 6.1.1, allows remote attackers to inject arbitrary web script or HTML via crafted URL, which is not properly handled in a CSS file.
network
redhat CWE-79
4.3
2014-07-22 CVE-2014-3518 Code Injection vulnerability in Redhat products
jmx-remoting.sar in JBoss Remoting, as used in Red Hat JBoss Enterprise Application Platform (JEAP) 5.2.0, Red Hat JBoss BRMS 5.3.1, Red Hat JBoss Portal Platform 5.2.2, and Red Hat JBoss SOA Platform 5.3.1, does not properly implement the JSR 160 specification, which allows remote attackers to execute arbitrary code via unspecified vectors.
network
redhat CWE-94
6.8
2014-02-26 CVE-2011-4580 Cross-Site Scripting vulnerability in Redhat Jboss Enterprise Portal Platform
Multiple cross-site scripting (XSS) vulnerabilities in Red Hat JBoss Enterprise Portal Platform before 5.2.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
redhat CWE-79
4.3
2014-02-26 CVE-2011-2941 Improper Input Validation vulnerability in Redhat Jboss Enterprise Portal Platform
Open redirect vulnerability in Red Hat JBoss Enterprise Portal Platform before 5.2.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the initialURI parameter.
network
redhat CWE-20
5.8
2013-12-23 CVE-2013-4424 Cross-Site Scripting vulnerability in Redhat Jboss Enterprise Portal Platform 6.1.0
Multiple cross-site scripting (XSS) vulnerabilities in the GateIn Portal component in Red Hat JBoss Portal 6.1.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
redhat CWE-79
4.3
2013-10-28 CVE-2013-2186 Improper Input Validation vulnerability in multiple products
The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance.
network
low complexity
redhat ubuntu CWE-20
7.5
2013-10-28 CVE-2013-2102 Improper Authentication vulnerability in Redhat Jboss Enterprise Portal Platform
The default configuration of Red Hat JBoss Portal before 6.1.0 enables the JGroups diagnostics service with no authentication when a JGroups channel is started, which allows remote attackers to obtain sensitive information (diagnostics) by accessing the service.
low complexity
redhat CWE-287
3.3
2013-10-28 CVE-2012-4572 Permissions, Privileges, and Access Controls vulnerability in Redhat products
Red Hat JBoss Enterprise Application Platform (EAP) before 6.1.0 and JBoss Portal before 6.1.0 does not load the implementation of a custom authorization module for a new application when an implementation is already loaded and the modules share class names, which allows local users to control certain applications' authorization decisions via a crafted application.
local
high complexity
redhat CWE-264
3.7
2013-07-29 CVE-2011-1483 wsf/common/DOMUtils.java in JBossWS Native in Red Hat JBoss Enterprise Application Platform 4.2.0.CP09, 4.3, and 5.1.1; JBoss Enterprise Portal Platform 4.3.CP06 and 5.1.1; JBoss Enterprise SOA Platform 4.2.CP05, 4.3.CP05, and 5.1.0; JBoss Communications Platform 1.2.11 and 5.1.1; JBoss Enterprise BRMS Platform 5.1.0; and JBoss Enterprise Web Platform 5.1.1 does not properly handle recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted request containing an XML document with a DOCTYPE declaration and a large number of nested entity references, a similar issue to CVE-2003-1564.
network
low complexity
redhat hp
5.0