CVE-2023-47321: 
Java vulnerability analysis and mitigation

Silverpeas Core 6.3.1 contains an Incorrect Access Control vulnerability in the Portlet Deployer component that allows unauthorized access to the portlet deployment functionality. The vulnerability was discovered in version 6.3.1 and has been fixed in version 6.3.2 (NVD, Rhino Labs).

The vulnerability exists in the Portlet Deployer component which allows administrators to deploy .WAR portlets. Due to incorrect access control implementation, low-privileged users can directly access the portlet deployment tool by navigating to the URL 'http://localhost:8080/silverpeas/portletDeployer'. The vulnerability has been assigned a CVSS v3.1 Base Score of 4.9 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N (NVD).

The vulnerability allows unauthorized users to access administrative functionality intended only for administrators, specifically the ability to deploy .WAR portlets. This could potentially lead to unauthorized application deployment and system compromise (Rhino Labs).

The vulnerability has been fixed in Silverpeas Core version 6.3.2. Organizations using affected versions should upgrade to version 6.3.2 or later to address this security issue (NVD).