Red Hat Security Advisory 2013-0613-01 - JBoss Enterprise Portal Platform is the open source implementation of the Java EE suite of services and Portal services running atop JBoss Enterprise Application Platform. It comprises a set of offerings for enterprise customers who are looking for pre-configured profiles of JBoss Enterprise Middleware components that have been tested and certified together to provide an integrated experience. It was found that the GateIn Portal export/import gadget allowed an export ZIP to be uploaded and imported to a site without authentication. A remote attacker could use this flaw to modify the contents of a site, remove the site, or modify access controls applied to portlets in the site.
ea45d5058310a1479dff0e4483ee59cab6438a0aebb64173c6ff232e7ed8ddb0