Access Restriction Bypass Affecting org.jasig.portal:uportal-war Open this link in a new tab package, versions [,22.214.171.124)
Do your applications use this vulnerable package?
10 Feb 2015
29 May 2014
uPortal before 126.96.36.199 does not properly check the CONFIG permission, which allows remote authenticated users to configure portlets by leveraging the SUBSCRIBE permission for a portlet.