Описание
uPortal before 4.0.13.1 does not properly check the MANAGE permissions, which allows remote authenticated users to manage arbitrary portlets by leveraging the SUBSCRIBE permission for the portlet-admin portlet.
Уязвимые конфигурации
Конфигурация 1Версия до 4.0.13 (включая)
cpe:2.3:a:jasig:uportal:*:*:*:*:*:*:*:*
EPSS
Процентиль: 53%
0.00296
Низкий
6.5 Medium
CVSS2
Дефекты
CWE-264
Связанные уязвимости
github
больше 3 лет назад
uPortal before 4.0.13.1 does not properly check the MANAGE permissions, which allows remote authenticated users to manage arbitrary portlets by leveraging the SUBSCRIBE permission for the portlet-admin portlet.
EPSS
Процентиль: 53%
0.00296
Низкий
6.5 Medium
CVSS2
Дефекты
CWE-264