CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2014-3417

uPortal before 4.0.13.1 does not properly check the CONFIG permission, which allows remote authenticated users to configure portlets by leveraging the SUBSCRIBE permission for a portlet.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 59.4%

CVSS Severity

CVSS v2 Score 6.5

References

http://www.jasig.org/uportal/download/uportal-4-0-13-1
https://issues.jasig.org/browse/UP-4106
http://www.jasig.org/uportal/download/uportal-4-0-13-1
https://issues.jasig.org/browse/UP-4106

Products affected by CVE-2014-3417

Jasig » Uportal » Version: 4.0.13

cpe:2.3:a:jasig:uportal:4.0.13

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2014-3417

Products

Pricing

Contact Us