Unrated severityNVD Advisory· Published Jul 16, 2015· Updated May 6, 2026

CVE-2015-3244

Description

The Portlet Bridge for JavaServer Faces in Red Hat JBoss Portal 6.2.0, when used in portlets with the default resource serving for GenericPortlet, does not properly restrict access to restricted resources, which allows remote attackers to obtain sensitive information via a URL with a modified resource ID.

Affected products

Red Hat/Jboss Enterprise Portal Platform
cpe:2.3:a:redhat:jboss_enterprise_portal_platform:6.2.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

rhn.redhat.com/errata/RHSA-2015-1226.htmlnvdVendor Advisory
bugzilla.redhat.com/show_bug.cginvdVendor Advisory
www.oracle.com/technetwork/topics/security/cpujul2015-2367936.htmlnvd
www.securityfocus.com/bid/75941nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000