Cosminexus Portal Framework contains a flaw that may lead to unauthorized information disclosure. The issue is triggered when an unspecified error occurs within the <ut:cache> tag library, causing a user's personal information held in the cache to be displayed to another user, resulting in a loss of confidentiality.
Classification
Location: Remote / Network Access
Attack Type: Input Manipulation, Misconfiguration
Impact: Loss of Confidentiality
Exploit: Exploit Public
Disclosure: OSVDB Verified
Solution
Upgrade to version HS04-006-01 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround: edit the setup so that access to the portlet using the <ut:cache> tag library is forbidden. Refer to the manual for the setup procedure. When this workaround is applied and the relevant portlet has already been deployed on the portal by the end user, the message "No permission for portlet" appears on the portal and the portlet cannot be accessed. To enable access again, apply the fixed version, and then cancel the setup that forbids access to the portlet using the <ut:cache> tag library.