CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Jasig: Security Vulnerabilities

CVE-2014-3416

uPortal before 4.0.13.1 does not properly check the MANAGE permissions, which allows remote authenticated users to manage arbitrary portlets by leveraging the SUBSCRIBE permission for the portlet-admin portlet.

CVSS Score

6.5

EPSS Score

0.003

Published

2014-05-29

CVE-2014-3417

uPortal before 4.0.13.1 does not properly check the CONFIG permission, which allows remote authenticated users to configure portlets by leveraging the SUBSCRIBE permission for a portlet.

CVSS Score

6.5

EPSS Score

0.004

Published

2014-05-29

Page 1

Vulnerabilities

Vulnerable Software

Jasig: Security Vulnerabilities

Products

Pricing

Contact Us