Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2014-3416
HistoryMay 29, 2014 - 2:19 p.m.

CVE-2014-3416

2014-05-2914:19:00
CWE-264
[email protected]
web.nvd.nist.gov
23
cve-2014-3416
uportal
security vulnerability
manage permissions
subscribe permission
portlet-admin portlet

9 High

AI Score

Confidence

High

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

59.6%

JSON

uPortal before 4.0.13.1 does not properly check the MANAGE permissions, which allows remote authenticated users to manage arbitrary portlets by leveraging the SUBSCRIBE permission for the portlet-admin portlet.

CPENameOperatorVersion
jasig:uportaljasig uportalle4.0.13

Related

prion 1
amazon 3
openvas 3
nessus 3
prion
prion
Code injection
2014-05-29 14:19:00
amazon
amazon
Medium: php54
2015-07-07 12:39:00
Medium: php56
2015-07-07 12:40:00
Medium: php55
2015-07-07 12:40:00
openvas
openvas
Amazon Linux: Security Advisory (ALAS-2015-561)
2015-09-08 00:00:00
Amazon Linux: Security Advisory (ALAS-2015-562)
2015-09-08 00:00:00
Amazon Linux: Security Advisory (ALAS-2015-563)
2015-09-08 00:00:00
nessus
nessus
Amazon Linux AMI : php54 (ALAS-2015-561)
2015-07-09 00:00:00
Amazon Linux AMI : php55 (ALAS-2015-562)
2015-07-09 00:00:00
Amazon Linux AMI : php56 (ALAS-2015-563)
2015-07-09 00:00:00

9 High

AI Score

Confidence

High

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

59.6%

JSON
Related for CVE-2014-3416
prion1amazon3openvas3nessus3