The GateIn Portal Export / Import Gadget allows an export zip to be uploaded and imported to a site without authentication. A remote attacker could use this flaw to modify the content of a site, remove the site or modify access controls applied to portlets in the site.
This issue was discovered by Nick Scavelli of Red Hat.
This issue has been addressed in the following products:
JBoss Enterprise Portal Platform 5.2.2
Via RHSA-2013:0613 https://rhn.redhat.com/errata/RHSA-2013-0613.html