The User Manager service in Apache Jetspeed prior to 2.3.1 does not properly restrict access using Jetspeed Security, which allows remote malicious users to (1) add, (2) edit, or (3) delete users via the REST API.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apache jetspeed |