Vulnerabilities (CVE)

Filtered by vendor Redhat Subscribe
Filtered by product Jboss Portal
Total 6 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-7501 1 Redhat 15 Data Grid, Jboss A-mq, Jboss Bpm Suite and 12 more 2024-11-21 10.0 HIGH 9.8 CRITICAL
Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Server (JWS) 3.x; Red Hat OpenShift/xPAAS 3.x; and Red Hat Subscription Asset Manager 1.3 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.
CVE-2015-5176 1 Redhat 1 Jboss Portal 2024-11-21 5.8 MEDIUM N/A
The PortletRequestDispatcher in PortletBridge, as used in Red Hat JBoss Portal 6.2.0, does not properly enforce the security constraints of servlets, which allows remote attackers to gain access to resources via a request that asks to render a non-JSF resource.
CVE-2014-0245 1 Redhat 1 Jboss Portal 2024-11-21 4.3 MEDIUM 5.9 MEDIUM
It was found that the implementation of the GTNSubjectCreatingInterceptor class in gatein-wsrp was not thread safe. For a specific WSRP endpoint, under high-concurrency scenarios or scenarios where SOAP messages take long to execute, it was possible for an unauthenticated remote attacker to gain privileged information if WS-Security is enabled for the WSRP Consumer, and the endpoint in question is being used by a privileged user. This affects JBoss Portal 6.2.0.
CVE-2013-6495 1 Redhat 2 Jboss Enterprise Application Platform, Jboss Portal 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
JBossWeb Bayeux has reflected XSS
CVE-2012-5626 1 Redhat 6 Jboss Brms, Jboss Enterprise Application Platform, Jboss Enterprise Web Server and 3 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
EJB method in Red Hat JBoss BRMS 5; Red Hat JBoss Enterprise Application Platform 5; Red Hat JBoss Operations Network 3.1; Red Hat JBoss Portal 4 and 5; Red Hat JBoss SOA Platform 4.2, 4.3, and 5; in Red Hat JBoss Enterprise Web Server 1 ignores roles specified using the @RunAs annotation.
CVE-2011-2487 2 Apache, Redhat 10 Cxf, Wss4j, Jboss Business Rules Management System and 7 more 2024-11-21 4.3 MEDIUM 5.9 MEDIUM
The implementations of PKCS#1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache WSS4J before 1.6.5 is susceptible to a Bleichenbacher attack.