Redhat

Jboss Enterprise Portal Platform

22 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.4

CVE-2012-5575

  • EPSS 12.29%
  • Published 19.08.2013 23:55:08
  • Last modified 11.04.2025 00:51:21

Apache CXF 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 does not verify that a specified cryptographic algorithm is allowed by the WS-SecurityPolicy AlgorithmSuite definition before decrypting, which allows remote attackers...

5

CVE-2011-1483

  • EPSS 1.37%
  • Published 29.07.2013 13:59:54
  • Last modified 11.04.2025 00:51:21

wsf/common/DOMUtils.java in JBossWS Native in Red Hat JBoss Enterprise Application Platform 4.2.0.CP09, 4.3, and 5.1.1; JBoss Enterprise Portal Platform 4.3.CP06 and 5.1.1; JBoss Enterprise SOA Platform 4.2.CP05, 4.3.CP05, and 5.1.0; JBoss Communicat...

7.5

CVE-2013-2165

  • EPSS 25.71%
  • Published 23.07.2013 11:03:11
  • Last modified 11.04.2025 00:51:21

ResourceBuilderImpl.java in the RichFaces 3.x through 5.x implementation in Red Hat JBoss Web Framework Kit before 2.3.0, Red Hat JBoss Web Platform through 5.2.0, Red Hat JBoss Enterprise Application Platform through 4.3.0 CP10 and 5.x through 5.2.0...

5

CVE-2013-0315

  • EPSS 0.35%
  • Published 12.04.2013 22:55:01
  • Last modified 11.04.2025 00:51:21

The GateIn Portal export/import gadget in JBoss Enterprise Portal Platform 5.2.2 allows remote attackers to read arbitrary files via a crafted external XML entity in an XML document, aka an XML Entity Expansion (XEE) attack.

7.5

CVE-2013-0314

  • EPSS 0.64%
  • Published 12.04.2013 22:55:01
  • Last modified 11.04.2025 00:51:21

The GateIn Portal export/import gadget in JBoss Enterprise Portal Platform 5.2.2 does not properly check authentication when importing Zip files, which allows remote attackers to modify site contents, remove the site, or alter the access controls for...

6.8

CVE-2012-3532

  • EPSS 0.14%
  • Published 12.04.2013 22:55:00
  • Last modified 11.04.2025 00:51:21

Cross-site request forgery (CSRF) vulnerability in the GateIn Portal component in JBoss Enterprise Portal Platform 5.2.2 and earlier allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

4.3

CVE-2012-5531

  • EPSS 0.25%
  • Published 18.01.2013 11:48:39
  • Last modified 11.04.2025 00:51:21

Multiple cross-site scripting (XSS) vulnerabilities in the GateIn Portal in JBoss Enterprise Portal Platform 5.2.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

3.3

CVE-2012-2377

  • EPSS 0.99%
  • Published 23.11.2012 20:55:02
  • Last modified 11.04.2025 00:51:21

JGroups diagnostics service in JBoss Enterprise Portal Platform before 5.2.2, SOA Platform before 5.3.0, and BRMS Platform before 5.3.0, is enabled without authentication when started by the JGroups channel, which allows remote attackers in adjacent ...

5

CVE-2011-1096

  • EPSS 0.76%
  • Published 23.11.2012 20:55:01
  • Last modified 11.04.2025 00:51:21

The W3C XML Encryption Standard, as used in the JBoss Web Services (JBossWS) component in JBoss Enterprise Portal Platform before 5.2.2 and other products, when using block ciphers in cipher-block chaining (CBC) mode, allows remote attackers to obtai...

7.5

CVE-2011-4605

  • EPSS 2.42%
  • Published 23.11.2012 20:55:01
  • Last modified 11.04.2025 00:51:21

The (1) JNDI service, (2) HA-JNDI service, and (3) HAJNDIFactory invoker servlet in JBoss Enterprise Application Platform 4.3.0 CP10 and 5.1.2, Web Platform 5.1.2, SOA Platform 4.2.0.CP05 and 4.3.0.CP05, Portal Platform 4.3 CP07 and 5.2.x before 5.2....