Vulnerabilities > Redhat > Jboss Enterprise Portal Platform > Low

DATE CVE VULNERABILITY TITLE RISK
2013-10-28 CVE-2012-4572 Permissions, Privileges, and Access Controls vulnerability in Redhat products
Red Hat JBoss Enterprise Application Platform (EAP) before 6.1.0 and JBoss Portal before 6.1.0 does not load the implementation of a custom authorization module for a new application when an implementation is already loaded and the modules share class names, which allows local users to control certain applications' authorization decisions via a crafted application.
local
high complexity
redhat CWE-264
3.7
2013-10-28 CVE-2013-2102 Improper Authentication vulnerability in Redhat Jboss Enterprise Portal Platform
The default configuration of Red Hat JBoss Portal before 6.1.0 enables the JGroups diagnostics service with no authentication when a JGroups channel is started, which allows remote attackers to obtain sensitive information (diagnostics) by accessing the service.
low complexity
redhat CWE-287
3.3
2012-11-23 CVE-2012-2377 Improper Authentication vulnerability in Redhat products
JGroups diagnostics service in JBoss Enterprise Portal Platform before 5.2.2, SOA Platform before 5.3.0, and BRMS Platform before 5.3.0, is enabled without authentication when started by the JGroups channel, which allows remote attackers in adjacent networks to read diagnostics information via a crafted IP multicast.
low complexity
redhat CWE-287
3.3