Issues » jsps exposed to non-authenticated users

Issue: SI-28
Date: Sep 23, 2014, 8:00:00 PM
Severity: Medium
Requires Admin Access: No
Fix Version: 3
Credit: Internal Security Team
Description:

There are some administrative jsps that are accessible to non-administrative users.  This allows an attacker to target and call those jsps directly from their browsers without authentication.

Mitigation:

  

References

https://github.com/dotCMS/core/issues/6350

Highly Rated and Recommended

We're rated Excellent 4.2/5 stars on G2 - with 95+ verified reviews