The Portlet Bridge for JavaServer Faces in Red Hat JBoss Portal 6.2.0, when used in portlets with the default resource serving for GenericPortlet, does not properly restrict access to restricted resources, which allows remote attackers to obtain sensitive information via a URL with a modified resource ID.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2015-07-16T10:00:00
Updated: 2024-08-06T05:39:32.120Z
Reserved: 2015-04-10T00:00:00
Link: CVE-2015-3244
Vulnrichment
No data.
NVD
Status : Modified
Published: 2015-07-16T11:00:23.650
Modified: 2024-11-21T02:28:58.987
Link: CVE-2015-3244
Redhat