| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.silverpeas.core:silverpeas-core-web | maven | < 6.3.2 | 6.3.2 |

The vulnerability stems from improper access control on the Portlet Deployer endpoint. The PoC shows non-admin users accessing `/silverpeas/portletDeployer` directly, which indicates that role-based access controls are missing. In Java web applications, servlets typically handle URL endpoints. The `PortletDeployerServlet` (or equivalent) would be responsible for deployment operations but lacks sufficient privilege verification. This matches the CWE-284 description of missing authorization checks on sensitive functionality.
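
One way to close this kind of gap is a deny-by-default servlet filter in front of the endpoint. The following is an added example, not Silverpeas code and not the 6.3.2 patch; it assumes the `javax.servlet` 4.0 API, that `/silverpeas` is the web application's context path, and a hypothetical session attribute `example.isAdministrator` set at login for administrators.

```java
import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Added example: authorization guard for the deployer endpoint.
// URL patterns are relative to the context path (assumed to be /silverpeas).
@WebFilter(urlPatterns = {"/portletDeployer", "/portletDeployer/*"})
public class PortletDeployerAdminFilter extends HttpFilter {

  // Hypothetical attribute name; not a Silverpeas identifier.
  static final String ADMIN_FLAG = "example.isAdministrator";

  @Override
  protected void doFilter(HttpServletRequest req, HttpServletResponse res, FilterChain chain)
      throws IOException, ServletException {
    // Do not create a session for an anonymous caller.
    HttpSession session = req.getSession(false);
    if (session == null) {
      res.sendError(HttpServletResponse.SC_UNAUTHORIZED);
      return;
    }
    // Deny by default: only an explicit Boolean.TRUE grants access, so a
    // missing attribute or a value of another type is rejected.
    if (!Boolean.TRUE.equals(session.getAttribute(ADMIN_FLAG))) {
      // Record the refused request so that probing of the endpoint is visible.
      getServletContext().log("Denied " + req.getMethod() + " " + req.getRequestURI()
          + " from " + req.getRemoteAddr() + ": session is not an administrator");
      res.sendError(HttpServletResponse.SC_FORBIDDEN);
      return;
    }
    // Administrator: hand the request on to the servlet.
    chain.doFilter(req, res);
  }
}
```

The filter covers every HTTP method on the mapped paths, so the check cannot be bypassed by switching from GET to POST.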