Vulnerabilities > Redhat > Jboss Enterprise Portal Platform
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2013-04-12 | CVE-2013-0315 | Permissions, Privileges, and Access Controls vulnerability in Redhat Jboss Enterprise Portal Platform 5.2.2 The GateIn Portal export/import gadget in JBoss Enterprise Portal Platform 5.2.2 allows remote attackers to read arbitrary files via a crafted external XML entity in an XML document, aka an XML Entity Expansion (XEE) attack. | 5.0 |
| 2013-04-12 | CVE-2013-0314 | Improper Authentication vulnerability in Redhat Jboss Enterprise Portal Platform 5.2.2 The GateIn Portal export/import gadget in JBoss Enterprise Portal Platform 5.2.2 does not properly check authentication when importing Zip files, which allows remote attackers to modify site contents, remove the site, or alter the access controls for portlets. | 7.5 |
| 2013-04-12 | CVE-2012-3532 | Cross-Site Request Forgery (CSRF) vulnerability in Redhat Jboss Enterprise Portal Platform Cross-site request forgery (CSRF) vulnerability in the GateIn Portal component in JBoss Enterprise Portal Platform 5.2.2 and earlier allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | 6.8 |
| 2013-01-18 | CVE-2012-5531 | Cross-Site Scripting vulnerability in Redhat Jboss Enterprise Portal Platform 5.2.2 Multiple cross-site scripting (XSS) vulnerabilities in the GateIn Portal in JBoss Enterprise Portal Platform 5.2.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2012-11-23 | CVE-2012-2377 | Improper Authentication vulnerability in Redhat products JGroups diagnostics service in JBoss Enterprise Portal Platform before 5.2.2, SOA Platform before 5.3.0, and BRMS Platform before 5.3.0, is enabled without authentication when started by the JGroups channel, which allows remote attackers in adjacent networks to read diagnostics information via a crafted IP multicast. | 3.3 |