Published: 29/05/2014 Updated: 30/05/2014

CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8

VMScore: 578

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

uPortal prior to 4.0.13.1 does not properly check the MANAGE permissions, which allows remote authenticated users to manage arbitrary portlets by leveraging the SUBSCRIBE permission for the portlet-admin portlet.

Vulnerable Product	Search on Vulmon	Subscribe to Product
jasig uportal

Upstream reports that six security-related issues in PHP were fixed in this release, as well as several security issues in bundled sqlite library (CVE-2015-3414, CVE-2015-3415, CVE-2015-3416) All PHP 54 users are encouraged to upgrade to this version Please see the <a href="phpnet/ChangeLog-5php#5442">upstream release notes</ ...

Upstream reports that several bugs have been fixed as well as several security issues into some bundled libraries (CVE-2015-3414, CVE-2015-3415, CVE-2015-3416, CVE-2015-2325 and CVE-2015-2326) All PHP 56 users are encouraged to upgrade to this version Please see the <a href="phpnet/ChangeLog-5php#5610">upstream release notes&lt ...

Upstream reports that several bugs have been fixed as well as several security issues into some bundled libraries (CVE-2015-3414, CVE-2015-3415, CVE-2015-3416, CVE-2015-2325 and CVE-2015-2326) All PHP 55 users are encouraged to upgrade to this version Please see the <a href="phpnet/ChangeLog-5php#5526">upstream release notes&lt ...

CWE-264 http://www.jasig.org/uportal/download/uportal-4-0-13-1 https://issues.jasig.org/browse/UP-4105 https://nvd.nist.gov https://alas.aws.amazon.com/ALAS-2015-561.html

CVE-2014-3416

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect