CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2014-3416

uPortal before 4.0.13.1 does not properly check the MANAGE permissions, which allows remote authenticated users to manage arbitrary portlets by leveraging the SUBSCRIBE permission for the portlet-admin portlet.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 52.6%

CVSS Severity

CVSS v2 Score 6.5

References

http://www.jasig.org/uportal/download/uportal-4-0-13-1
https://issues.jasig.org/browse/UP-4105
http://www.jasig.org/uportal/download/uportal-4-0-13-1
https://issues.jasig.org/browse/UP-4105

Products affected by CVE-2014-3416

Jasig » Uportal » Version: 4.0.13

cpe:2.3:a:jasig:uportal:4.0.13

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2014-3416

Products

Pricing

Contact Us