CVE-2015-3244

{"id": "CVE-2015-3244", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.9, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2015-07-16T11:00:23.650", "references": [{"url": "http://rhn.redhat.com/errata/RHSA-2015-1226.html", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/75941", "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1232908", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2015-1226.html", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/75941", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1232908", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "The Portlet Bridge for JavaServer Faces in Red Hat JBoss Portal 6.2.0, when used in portlets with the default resource serving for GenericPortlet, does not properly restrict access to restricted resources, which allows remote attackers to obtain sensitive information via a URL with a modified resource ID."}, {"lang": "es", "value": "El Portlet Bridge para JavaServer Faces en Red Hat JBoss Portal 6.2.0, cuando se utiliza en portlets con el recurso est\u00e1ndar funcionando para el GenericPortlet, no restringe adecuadamente el acceso a los recursos limitados, lo que permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de una URL con un recurso ID modificado."}], "lastModified": "2024-11-21T02:28:58.987", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:jboss_enterprise_portal_platform:6.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D74DEC8E-E31D-4281-AD9B-1A9BDEAD8344"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}