CVE-2014-3416
CVE-2014-3416 affects uPortal prior to 4.0.13.1. The vulnerability arises from an improper check of MANAGE permissions, enabling remote authenticated users to manage arbitrary portlets by abusing the portlet-admin portlet’s SUBSCRIBE permission. The impact is the potential modification/management...