Vulnerabilities > Redhat > Jboss Enterprise Portal Platform > 4.3.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-02-26 | CVE-2011-4580 | Cross-Site Scripting vulnerability in Redhat Jboss Enterprise Portal Platform Multiple cross-site scripting (XSS) vulnerabilities in Red Hat JBoss Enterprise Portal Platform before 5.2.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2014-02-26 | CVE-2011-2941 | Improper Input Validation vulnerability in Redhat Jboss Enterprise Portal Platform Open redirect vulnerability in Red Hat JBoss Enterprise Portal Platform before 5.2.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the initialURI parameter. | 5.8 |
| 2013-10-28 | CVE-2013-2186 | Improper Input Validation vulnerability in multiple products The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance. | 7.5 |
| 2013-10-28 | CVE-2013-2102 | Improper Authentication vulnerability in Redhat Jboss Enterprise Portal Platform The default configuration of Red Hat JBoss Portal before 6.1.0 enables the JGroups diagnostics service with no authentication when a JGroups channel is started, which allows remote attackers to obtain sensitive information (diagnostics) by accessing the service. | 3.3 |
| 2013-10-28 | CVE-2012-4572 | Permissions, Privileges, and Access Controls vulnerability in Redhat products Red Hat JBoss Enterprise Application Platform (EAP) before 6.1.0 and JBoss Portal before 6.1.0 does not load the implementation of a custom authorization module for a new application when an implementation is already loaded and the modules share class names, which allows local users to control certain applications' authorization decisions via a crafted application. | 3.7 |
| 2013-07-29 | CVE-2011-1483 | wsf/common/DOMUtils.java in JBossWS Native in Red Hat JBoss Enterprise Application Platform 4.2.0.CP09, 4.3, and 5.1.1; JBoss Enterprise Portal Platform 4.3.CP06 and 5.1.1; JBoss Enterprise SOA Platform 4.2.CP05, 4.3.CP05, and 5.1.0; JBoss Communications Platform 1.2.11 and 5.1.1; JBoss Enterprise BRMS Platform 5.1.0; and JBoss Enterprise Web Platform 5.1.1 does not properly handle recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted request containing an XML document with a DOCTYPE declaration and a large number of nested entity references, a similar issue to CVE-2003-1564. | 5.0 |
| 2013-04-12 | CVE-2012-3532 | Cross-Site Request Forgery (CSRF) vulnerability in Redhat Jboss Enterprise Portal Platform Cross-site request forgery (CSRF) vulnerability in the GateIn Portal component in JBoss Enterprise Portal Platform 5.2.2 and earlier allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | 6.8 |
| 2012-11-23 | CVE-2012-2377 | Improper Authentication vulnerability in Redhat products JGroups diagnostics service in JBoss Enterprise Portal Platform before 5.2.2, SOA Platform before 5.3.0, and BRMS Platform before 5.3.0, is enabled without authentication when started by the JGroups channel, which allows remote attackers in adjacent networks to read diagnostics information via a crafted IP multicast. | 3.3 |