Skip to main content

Jboss Enterprise Portal Platform

15 CVEs product

Monthly

CVE-2015-3244 MEDIUM This Month

The Portlet Bridge for JavaServer Faces in Red Hat JBoss Portal 6.2.0, when used in portlets with the default resource serving for GenericPortlet, does not properly restrict access to restricted. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

Red Hat Privilege Escalation Jboss Enterprise Portal Platform
NVD
CVSS 2.0
4.9
EPSS
0.3%
CVE-2014-7852 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in JBoss RichFaces, as used in JBoss Portal 6.1.1, allows remote attackers to inject arbitrary web script or HTML via crafted URL, which is not properly. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Jboss Enterprise Portal Platform
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-3518 MEDIUM This Month

jmx-remoting.sar in JBoss Remoting, as used in Red Hat JBoss Enterprise Application Platform (JEAP) 5.2.0, Red Hat JBoss BRMS 5.3.1, Red Hat JBoss Portal Platform 5.2.2, and Red Hat JBoss SOA. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

RCE Code Injection Red Hat Jboss Enterprise Application Platform Jboss Enterprise Brms Platform +2
NVD
CVSS 2.0
6.8
EPSS
1.7%
CVE-2013-2185 Maven HIGH PATCH This Week

The readObject method in the DiskFileItem class in Apache Tomcat and JBoss Web, as used in Red Hat JBoss Enterprise Application Platform 6.1.0 and Red Hat JBoss Portal 6.0.0, allows remote attackers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Tomcat Red Hat Apache Information Disclosure Jboss Enterprise Application Platform +1
NVD
CVSS 2.0
7.5
EPSS
5.3%
CVE-2013-4424 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in the GateIn Portal component in Red Hat JBoss Portal 6.1.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Red Hat XSS Jboss Enterprise Portal Platform
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-2186 Maven HIGH PATCH Act Now

The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 87.1%.

Red Hat Apache Information Disclosure Jboss Enterprise Brms Platform Jboss Enterprise Portal Platform +3
NVD
CVSS 2.0
7.5
EPSS
87.1%
Threat
4.1
CVE-2013-2102 LOW Monitor

The default configuration of Red Hat JBoss Portal before 6.1.0 enables the JGroups diagnostics service with no authentication when a JGroups channel is started, which allows remote attackers to. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Red Hat Authentication Bypass Jboss Enterprise Portal Platform
NVD
CVSS 2.0
3.3
EPSS
0.1%
CVE-2012-4572 LOW Monitor

Red Hat JBoss Enterprise Application Platform (EAP) before 6.1.0 and JBoss Portal before 6.1.0 does not load the implementation of a custom authorization module for a new application when an. Rated low severity (CVSS 3.7). No vendor patch available.

Red Hat Privilege Escalation Jboss Enterprise Application Platform Jboss Enterprise Portal Platform
NVD
CVSS 2.0
3.7
EPSS
0.2%
CVE-2012-5575 Maven MEDIUM PATCH This Month

Apache CXF 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 does not verify that a specified cryptographic algorithm is allowed by the WS-SecurityPolicy AlgorithmSuite. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.

Apache Information Disclosure Cxf Jboss Enterprise Application Platform Jboss Enterprise Portal Platform +3
NVD
CVSS 2.0
6.4
EPSS
9.5%
CVE-2013-2165 Maven HIGH PATCH Act Now

ResourceBuilderImpl.java in the RichFaces 3.x through 5.x implementation in Red Hat JBoss Web Framework Kit before 2.3.0, Red Hat JBoss Web Platform through 5.2.0, Red Hat JBoss Enterprise. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 24.1%.

Red Hat Privilege Escalation Java Deserialization RCE +8
NVD
CVSS 2.0
7.5
EPSS
24.1%
CVE-2013-0315 MEDIUM This Month

The GateIn Portal export/import gadget in JBoss Enterprise Portal Platform 5.2.2 allows remote attackers to read arbitrary files via a crafted external XML entity in an XML document, aka an XML. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Jboss Enterprise Portal Platform
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2013-0314 HIGH This Week

The GateIn Portal export/import gadget in JBoss Enterprise Portal Platform 5.2.2 does not properly check authentication when importing Zip files, which allows remote attackers to modify site. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jboss Enterprise Portal Platform
NVD
CVSS 2.0
7.5
EPSS
0.6%
CVE-2012-3532 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in the GateIn Portal component in JBoss Enterprise Portal Platform 5.2.2 and earlier allows remote attackers to hijack the authentication of. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Jboss Enterprise Portal Platform
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2012-5531 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in the GateIn Portal in JBoss Enterprise Portal Platform 5.2.2 allow remote attackers to inject arbitrary web script or HTML via unspecified. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Jboss Enterprise Portal Platform
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2012-2377 LOW Monitor

JGroups diagnostics service in JBoss Enterprise Portal Platform before 5.2.2, SOA Platform before 5.3.0, and BRMS Platform before 5.3.0, is enabled without authentication when started by the JGroups. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Jboss Enterprise Portal Platform Jboss Enterprise Soa Platform Jboss Enterprise Brms Platform
NVD
CVSS 2.0
3.3
EPSS
1.0%
EPSS 0% CVSS 4.9
MEDIUM This Month

The Portlet Bridge for JavaServer Faces in Red Hat JBoss Portal 6.2.0, when used in portlets with the default resource serving for GenericPortlet, does not properly restrict access to restricted. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

Red Hat Privilege Escalation Jboss Enterprise Portal Platform
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in JBoss RichFaces, as used in JBoss Portal 6.1.1, allows remote attackers to inject arbitrary web script or HTML via crafted URL, which is not properly. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Jboss Enterprise Portal Platform
NVD
EPSS 2% CVSS 6.8
MEDIUM This Month

jmx-remoting.sar in JBoss Remoting, as used in Red Hat JBoss Enterprise Application Platform (JEAP) 5.2.0, Red Hat JBoss BRMS 5.3.1, Red Hat JBoss Portal Platform 5.2.2, and Red Hat JBoss SOA. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

RCE Code Injection Red Hat +4
NVD
EPSS 5% CVSS 7.5
HIGH PATCH This Week

The readObject method in the DiskFileItem class in Apache Tomcat and JBoss Web, as used in Red Hat JBoss Enterprise Application Platform 6.1.0 and Red Hat JBoss Portal 6.0.0, allows remote attackers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Tomcat Red Hat Apache +3
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in the GateIn Portal component in Red Hat JBoss Portal 6.1.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Red Hat XSS Jboss Enterprise Portal Platform
NVD
EPSS 87% 4.1 CVSS 7.5
HIGH PATCH Act Now

The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 87.1%.

Red Hat Apache Information Disclosure +5
NVD
EPSS 0% CVSS 3.3
LOW Monitor

The default configuration of Red Hat JBoss Portal before 6.1.0 enables the JGroups diagnostics service with no authentication when a JGroups channel is started, which allows remote attackers to. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Red Hat Authentication Bypass Jboss Enterprise Portal Platform
NVD
EPSS 0% CVSS 3.7
LOW Monitor

Red Hat JBoss Enterprise Application Platform (EAP) before 6.1.0 and JBoss Portal before 6.1.0 does not load the implementation of a custom authorization module for a new application when an. Rated low severity (CVSS 3.7). No vendor patch available.

Red Hat Privilege Escalation Jboss Enterprise Application Platform +1
NVD
EPSS 10% CVSS 6.4
MEDIUM PATCH This Month

Apache CXF 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 does not verify that a specified cryptographic algorithm is allowed by the WS-SecurityPolicy AlgorithmSuite. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.

Apache Information Disclosure Cxf +5
NVD
EPSS 24% CVSS 7.5
HIGH PATCH Act Now

ResourceBuilderImpl.java in the RichFaces 3.x through 5.x implementation in Red Hat JBoss Web Framework Kit before 2.3.0, Red Hat JBoss Web Platform through 5.2.0, Red Hat JBoss Enterprise. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 24.1%.

Red Hat Privilege Escalation Java +10
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

The GateIn Portal export/import gadget in JBoss Enterprise Portal Platform 5.2.2 allows remote attackers to read arbitrary files via a crafted external XML entity in an XML document, aka an XML. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Jboss Enterprise Portal Platform
NVD
EPSS 1% CVSS 7.5
HIGH This Week

The GateIn Portal export/import gadget in JBoss Enterprise Portal Platform 5.2.2 does not properly check authentication when importing Zip files, which allows remote attackers to modify site. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jboss Enterprise Portal Platform
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in the GateIn Portal component in JBoss Enterprise Portal Platform 5.2.2 and earlier allows remote attackers to hijack the authentication of. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Jboss Enterprise Portal Platform
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in the GateIn Portal in JBoss Enterprise Portal Platform 5.2.2 allow remote attackers to inject arbitrary web script or HTML via unspecified. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Jboss Enterprise Portal Platform
NVD
EPSS 1% CVSS 3.3
LOW Monitor

JGroups diagnostics service in JBoss Enterprise Portal Platform before 5.2.2, SOA Platform before 5.3.0, and BRMS Platform before 5.3.0, is enabled without authentication when started by the JGroups. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Jboss Enterprise Portal Platform Jboss Enterprise Soa Platform +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy