Search criteria
65 vulnerabilities found for weblogic_portal by oracle
FKIE_CVE-2008-0868
Vulnerability from fkie_nvd - Published: 2008-02-21 01:44 - Updated: 2025-04-09 00:30
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Groupspace in BEA WebLogic Portal 10.0 and 9.2 through Maintenance Pack 1 allows remote authenticated users to inject arbitrary web script or HTML via unknown vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bea_systems | weblogic_portal | 10.0 | |
| oracle | weblogic_portal | 9.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bea_systems:weblogic_portal:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DD825443-FB5F-466A-B059-3546D8F71411",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_portal:9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B04835B2-7FE9-462B-B989-4031D43C9670",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Groupspace in BEA WebLogic Portal 10.0 and 9.2 through Maintenance Pack 1 allows remote authenticated users to inject arbitrary web script or HTML via unknown vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de comandos en sitios cruzados en BEA WebLogic Portal 10.0 y 9.2 desde el Maintenance Pack 1, que permite a usuarios autentificados remotamente inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s de vectores desconocidos."
}
],
"id": "CVE-2008-0868",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-02-21T01:44:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://dev2dev.bea.com/pub/advisory/261"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/29041"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1019452"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/0613"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://dev2dev.bea.com/pub/advisory/261"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29041"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1019452"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/0613"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2008-0865
Vulnerability from fkie_nvd - Published: 2008-02-21 01:44 - Updated: 2025-04-09 00:30
Severity ?
Summary
Unspecified vulnerability in BEA WebLogic Portal 8.1 through SP6 allows remote attackers to bypass entitlements for instances of a floatable WLP portlet via unknown vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bea_systems | weblogic_portal | 8.1_sp6 | |
| oracle | weblogic_portal | 8.1 | |
| oracle | weblogic_portal | 8.1 | |
| oracle | weblogic_portal | 8.1 | |
| oracle | weblogic_portal | 8.1 | |
| oracle | weblogic_portal | 8.1 | |
| oracle | weblogic_portal | 8.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bea_systems:weblogic_portal:8.1_sp6:*:*:*:*:*:*:*",
"matchCriteriaId": "087F8B60-E48C-4DC8-8EBC-EFB614ACBDBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_portal:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D2C72232-7D9A-43BF-9018-6D51EA35BF7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_portal:8.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "BCAB0CC7-DB7F-401B-8E9C-E3A33BD18F9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_portal:8.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "EA0A3F3F-F960-4418-B520-3AECCA0DDB43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_portal:8.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "5DA2A8E6-1BEF-430B-85FD-AFFA44B891CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_portal:8.1:sp4:*:*:*:*:*:*",
"matchCriteriaId": "BF066EF7-82D6-42A4-97AC-C3A71A042152",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_portal:8.1:sp5:*:*:*:*:*:*",
"matchCriteriaId": "22257A94-EB2C-432E-A9ED-224D8AB9527F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in BEA WebLogic Portal 8.1 through SP6 allows remote attackers to bypass entitlements for instances of a floatable WLP portlet via unknown vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en BEA WebLogic Portal 8.1 hasta SP6 permite a atacantes remotos evitar los derechos para las instancias de un portlet WLP flotable mediante vectores desconocidos."
}
],
"id": "CVE-2008-0865",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-02-21T01:44:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://dev2dev.bea.com/pub/advisory/257"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/29041"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1019451"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/0613"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://dev2dev.bea.com/pub/advisory/257"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29041"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1019451"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/0613"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2008-0864
Vulnerability from fkie_nvd - Published: 2008-02-21 01:44 - Updated: 2025-04-09 00:30
Severity ?
Summary
Admin Tools in BEA WebLogic Portal 8.1 SP3 through SP6 can inadvertently remove entitlements for pages when an administrator edits the page definition label, which might allow remote attackers to bypass intended access restrictions.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bea_systems | weblogic_portal | 8.1_sp6 | |
| oracle | weblogic_portal | 8.1 | |
| oracle | weblogic_portal | 8.1 | |
| oracle | weblogic_portal | 8.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bea_systems:weblogic_portal:8.1_sp6:*:*:*:*:*:*:*",
"matchCriteriaId": "087F8B60-E48C-4DC8-8EBC-EFB614ACBDBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_portal:8.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "5DA2A8E6-1BEF-430B-85FD-AFFA44B891CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_portal:8.1:sp4:*:*:*:*:*:*",
"matchCriteriaId": "BF066EF7-82D6-42A4-97AC-C3A71A042152",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_portal:8.1:sp5:*:*:*:*:*:*",
"matchCriteriaId": "22257A94-EB2C-432E-A9ED-224D8AB9527F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Admin Tools in BEA WebLogic Portal 8.1 SP3 through SP6 can inadvertently remove entitlements for pages when an administrator edits the page definition label, which might allow remote attackers to bypass intended access restrictions."
},
{
"lang": "es",
"value": "Admin Tools en BEA WebLogic Portal 8.1 SP3 al SP6, involuntariamente puede eliminar los derechos para p\u00e1ginas cuando un administrador edita la etiqueta de definici\u00f3n de p\u00e1gina, que podr\u00eda permitir a atacantes remotos evitar las restricciones de acceso planeadas."
}
],
"id": "CVE-2008-0864",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-02-21T01:44:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://dev2dev.bea.com/pub/advisory/256"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/29041"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1019454"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/0613"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://dev2dev.bea.com/pub/advisory/256"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29041"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1019454"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/0613"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2008-0870
Vulnerability from fkie_nvd - Published: 2008-02-21 01:44 - Updated: 2025-04-09 00:30
Severity ?
Summary
BEA WebLogic Portal 10.0 and 9.2 through Maintenance Pack 2, under certain circumstances, can redirect a user from the https:// URI for the Portal Administration Console to an http URI, which allows remote attackers to sniff the session.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bea_systems | weblogic_portal | 9.2 | |
| bea_systems | weblogic_portal | 9.2 | |
| bea_systems | weblogic_portal | 10.0 | |
| oracle | weblogic_portal | 9.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bea_systems:weblogic_portal:9.2:mp1:*:*:*:*:*:*",
"matchCriteriaId": "25C589AB-11C3-45E4-9E12-6151C9B2A5F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea_systems:weblogic_portal:9.2:mp2:*:*:*:*:*:*",
"matchCriteriaId": "0C4F2325-0D65-4324-9B71-C6118D79D568",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea_systems:weblogic_portal:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DD825443-FB5F-466A-B059-3546D8F71411",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_portal:9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B04835B2-7FE9-462B-B989-4031D43C9670",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "BEA WebLogic Portal 10.0 and 9.2 through Maintenance Pack 2, under certain circumstances, can redirect a user from the https:// URI for the Portal Administration Console to an http URI, which allows remote attackers to sniff the session."
},
{
"lang": "es",
"value": "BEA WebLogic Portal 10.0 y 9.2 desde el Maintenance Pack 2, bajo determinadas circunstancias, puede redireccionar a un usuario desde la URI https:// de la consola del Portal de Administraci\u00f3n a una URI http://, que permitir\u00eda a atacantes remotos capturar la sesi\u00f3n."
}
],
"id": "CVE-2008-0870",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-02-21T01:44:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://dev2dev.bea.com/pub/advisory/264"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/29041"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1019442"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/0613"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://dev2dev.bea.com/pub/advisory/264"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29041"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1019442"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/0613"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-59"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2007-5576
Vulnerability from fkie_nvd - Published: 2007-10-18 21:17 - Updated: 2025-04-09 00:30
Severity ?
Summary
BEA Tuxedo 8.0 before RP392 and 8.1 before RP293, and WebLogic Enterprise 5.1 before RP174, echo the password in cleartext, which allows physically proximate attackers to obtain sensitive information via the (1) cnsbind, (2) cnsunbind, or (3) cnsls commands.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bea:tuxedo:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "95C77782-600F-4BBB-B71D-C28FDD9AAF60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:tuxedo:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "30BF1224-40A6-454F-B6CF-3BEEBE3272B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_integration:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "53E28DE8-4868-4DCE-8F8C-7967F2515D80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_integration:8.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "60231665-A976-4831-9419-AA332D3CC3D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_integration:8.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "C67B3D8E-EBFF-4926-B696-9DC123A667EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_integration:8.1:sp4:*:*:*:*:*:*",
"matchCriteriaId": "DA53F4D4-CABE-47A4-A900-840B5B933D5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_integration:8.1:sp5:*:*:*:*:*:*",
"matchCriteriaId": "4CE99F33-A818-441D-A4AF-773C5422D992",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_integration:8.1:sp6:*:*:*:*:*:*",
"matchCriteriaId": "FC355584-B0B1-4834-B2C9-4671AC4ED382",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_integration:9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C64003CF-C562-491A-8430-B8D40CEC528C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:5.1:*:enterprise:*:*:*:*:*",
"matchCriteriaId": "AC966FC9-3ED4-4CCD-B1E6-74E8CC7CEBCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:6.1:*:express:*:*:*:*:*",
"matchCriteriaId": "05AFBE78-C611-4EA2-8B00-5F8B61696CBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:6.1:sp1:express:*:*:*:*:*",
"matchCriteriaId": "C3B7752C-B297-480A-B3FC-948EA081670C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:6.1:sp2:express:*:*:*:*:*",
"matchCriteriaId": "71892EC0-E6B1-4214-AC53-06489F711829",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:6.1:sp3:express:*:*:*:*:*",
"matchCriteriaId": "696F52AE-FEB9-4090-872E-FDFD969F5604",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:6.1:sp4:express:*:*:*:*:*",
"matchCriteriaId": "DCED03B6-7565-4F53-8D85-F3391BF66988",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:6.1:sp5:express:*:*:*:*:*",
"matchCriteriaId": "B70F0353-635F-465B-A7E5-AF2D017AB008",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:6.1:sp6:express:*:*:*:*:*",
"matchCriteriaId": "FED6AE20-974B-44A7-98C4-F69E6E33D9DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:6.1:sp7:express:*:*:*:*:*",
"matchCriteriaId": "F77E777F-7EB5-4A08-9063-C772B49B5E36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F9C5AFCF-79D8-4005-B800-B0C6BD461276",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:7.0:*:express:*:*:*:*:*",
"matchCriteriaId": "FBDF3AC0-0680-4EEE-898C-47D194667BE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:7.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "6828CE4B-91E8-4688-977F-DC7BC21131C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:7.0:sp1:express:*:*:*:*:*",
"matchCriteriaId": "BBDB9094-78E8-4CBF-9F5F-321D5174F1EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:7.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "E141AA86-C6D0-4FA8-9268-0FB0635DF9CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:7.0:sp2:express:*:*:*:*:*",
"matchCriteriaId": "6FB8930F-C6D8-40B9-8D08-751F5B47229B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:7.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "893D9D88-43C4-4F9F-A364-0585DE6FA9E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:7.0:sp3:express:*:*:*:*:*",
"matchCriteriaId": "D59F9859-7344-43F0-9348-E57FABB9E431",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:7.0:sp4:*:*:*:*:*:*",
"matchCriteriaId": "D34E2925-DE2A-437F-B349-BD7103F4C37E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:7.0:sp4:express:*:*:*:*:*",
"matchCriteriaId": "0A4EC87D-EF83-48C5-B516-A6A482D9F525",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:7.0:sp5:*:*:*:*:*:*",
"matchCriteriaId": "16E3F943-D920-4C0A-8545-5CF7D792011F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:7.0:sp5:express:*:*:*:*:*",
"matchCriteriaId": "6BBA04D4-BA2E-4495-85DE-38918A878012",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:7.0:sp6:*:*:*:*:*:*",
"matchCriteriaId": "B46A3EBE-B268-427E-AAB5-62DDF255F1D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:7.0:sp6:express:*:*:*:*:*",
"matchCriteriaId": "A3024422-1CA9-4E5D-80D1-2F4B57FDAEBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:7.0:sp7:*:*:*:*:*:*",
"matchCriteriaId": "F5D61A68-E83A-4374-832A-C9A2FEA0AD6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:7.0:sp7:express:*:*:*:*:*",
"matchCriteriaId": "596178D8-B7BB-4793-81C1-119ED353CF2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "74AE35FF-AC1C-435B-8CE9-F40AFFFA3A46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "32E8797D-1B62-4480-A79D-0345E65699E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "2FC1486C-6AC4-44F7-9015-40FD4A341C38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "5485722F-5DE4-4CD4-865F-32585537F523",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp4:*:*:*:*:*:*",
"matchCriteriaId": "3CCEDE54-97F3-457A-9886-5BD91C9AED2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:8.1:*:express:*:*:*:*:*",
"matchCriteriaId": "ADED8968-EA9C-4F0E-AD2F-BC834F4D8A58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:8.1:sp1:express:*:*:*:*:*",
"matchCriteriaId": "F7560131-A6AC-4BBB-AA2D-C7C63AB51226",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:8.1:sp2:express:*:*:*:*:*",
"matchCriteriaId": "893C2387-03E3-4F8E-9029-BC64C64239EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:8.1:sp3:express:*:*:*:*:*",
"matchCriteriaId": "55661356-58E0-49D3-9C79-B4BB5EBE24CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:8.1:sp4:express:*:*:*:*:*",
"matchCriteriaId": "107C2FC6-BC60-4817-8A21-14C81DA6DEF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:8.1:sp5:express:*:*:*:*:*",
"matchCriteriaId": "24E0BA12-971C-4DC4-8ED2-9B7DCD6390E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3CA97F1A-49F7-4511-8959-D62155491DF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DCAAE8F1-CB25-4871-BE48-ABF7DFAD8AD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:9.1:*:express:*:*:*:*:*",
"matchCriteriaId": "17280B97-D499-434E-BD89-FD348E9E2E0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7BA8C449-ECD0-46E5-A7D6-740DE8DEE0EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:9.2:*:express:*:*:*:*:*",
"matchCriteriaId": "B06BDF43-A534-4F38-813D-72F538549F6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_workshop:8.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "AD6F9694-259F-4631-BC93-B1136F08E77E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_workshop:8.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "77624161-7740-4162-9C83-C0DFEA2BBCCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_workshop:8.1:sp4:*:*:*:*:*:*",
"matchCriteriaId": "E785D039-3426-4C1F-BBA8-7C6D32FB141E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_workshop:8.1:sp5:*:*:*:*:*:*",
"matchCriteriaId": "D4B2A474-B6C4-47B6-8B20-8722A8C25238",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_workshop:8.1:sp6:*:*:*:*:*:*",
"matchCriteriaId": "2FDBD7AF-51AC-48B9-A465-0C13B9230EE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_portal:9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B04835B2-7FE9-462B-B989-4031D43C9670",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "BEA Tuxedo 8.0 before RP392 and 8.1 before RP293, and WebLogic Enterprise 5.1 before RP174, echo the password in cleartext, which allows physically proximate attackers to obtain sensitive information via the (1) cnsbind, (2) cnsunbind, or (3) cnsls commands."
},
{
"lang": "es",
"value": "BEA Tuxedo 8.0 anterior al RP392 y el 8.1 anterior al RP293 y el WebLogic Enterprise 5.1 anterior al RP174, muestra la contrase\u00f1a en texto claro, lo que permite a atacantes f\u00edsicamente pr\u00f3ximos obtener informaci\u00f3n sensible a trav\u00e9s de los comandos (1) cnsbind, (2) cnsunbind o (3) cnsls."
}
],
"evaluatorSolution": "More information can be found regarding patch information at:\r\nhttp://www.securityfocus.com/bid/23979/solution",
"id": "CVE-2007-5576",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.1,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-10-18T21:17:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://dev2dev.bea.com/pub/advisory/226"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/45478"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/1813"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34290"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://dev2dev.bea.com/pub/advisory/226"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/45478"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/1813"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34290"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2007-2703
Vulnerability from fkie_nvd - Published: 2007-05-16 01:19 - Updated: 2025-04-09 00:30
Severity ?
Summary
BEA WebLogic Portal 9.2 GA can corrupt a visitor entitlements role if an administrator provides a long role description, which might allow remote authenticated users to access privileged resources.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oracle | weblogic_portal | 9.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:weblogic_portal:9.2:ga:*:*:*:*:*:*",
"matchCriteriaId": "B7182B23-E5D5-4913-A11E-8AF727BEE9CD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "BEA WebLogic Portal 9.2 GA can corrupt a visitor entitlements role if an administrator provides a long role description, which might allow remote authenticated users to access privileged resources."
},
{
"lang": "es",
"value": "BEA WebLogic Portal 9.2 GA puede corromper los derechos del rol de visitante si un administrador proporciona una descripci\u00f3n larga del rol, lo cual puede permitir a usuarios remotos autenticados acceder a recursos privilegiados."
}
],
"id": "CVE-2007-2703",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-05-16T01:19:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://dev2dev.bea.com/pub/advisory/236"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/36065"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25284"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securitytracker.com/id?1018060"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/1815"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34285"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://dev2dev.bea.com/pub/advisory/236"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/36065"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25284"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securitytracker.com/id?1018060"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/1815"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34285"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2007-2702
Vulnerability from fkie_nvd - Published: 2007-05-16 01:19 - Updated: 2025-04-09 00:30
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the GroupSpace application in BEA WebLogic Portal 9.2 GA allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to the rich text editor.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oracle | weblogic_portal | 9.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:weblogic_portal:9.2:ga:*:*:*:*:*:*",
"matchCriteriaId": "B7182B23-E5D5-4913-A11E-8AF727BEE9CD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the GroupSpace application in BEA WebLogic Portal 9.2 GA allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to the rich text editor."
},
{
"lang": "es",
"value": "Vulnerabilidad de secuencia de comandos en sitios cruzados (XSS) en la aplicaci\u00f3n GroupSpace de BEA WebLogic Portal 9.2 GA permite a usuarios remotos autenticados inyectar secuencias de comandos (script) web o HTML de su elecci\u00f3n a trav\u00e9s de vectores sin especificar relacionados con el editor de texto enriquecido."
}
],
"id": "CVE-2007-2702",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2007-05-16T01:19:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://dev2dev.bea.com/pub/advisory/235"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/36066"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25284"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1018060"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/1815"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34283"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://dev2dev.bea.com/pub/advisory/235"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/36066"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25284"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1018060"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/1815"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34283"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2007-0426
Vulnerability from fkie_nvd - Published: 2007-01-23 00:28 - Updated: 2025-04-09 00:30
Severity ?
Summary
BEA WebLogic Portal 9.2, when running in a WebLogic Server clustered environment using WebLogic Portal entitlements, does not properly propagate entitlement policy changes if the changes are made on a managed server while the Administrative Server is unavailable, which might allow attackers to bypass intended restrictions.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oracle | weblogic_portal | 9.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:weblogic_portal:9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B04835B2-7FE9-462B-B989-4031D43C9670",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "BEA WebLogic Portal 9.2, when running in a WebLogic Server clustered environment using WebLogic Portal entitlements, does not properly propagate entitlement policy changes if the changes are made on a managed server while the Administrative Server is unavailable, which might allow attackers to bypass intended restrictions."
},
{
"lang": "es",
"value": "BEA WebLogic Portal 9.2, cuando se ejecuta en un entorno de cl\u00faster de Servidores WebLogic utilizando derechos de Portal WebLogic, no propaga adecuadamente los cambios de pol\u00edticas de derechos si los cambios se hacen en un servidor gestionado mientras que el Servidor Administrativo no se encuentra disponible, lo cual podr\u00eda permitir a atacantes evitar restricciones pretendidas."
}
],
"id": "CVE-2007-0426",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-01-23T00:28:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://dev2dev.bea.com/pub/advisory/223"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/32854"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/38516"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23750"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1017521"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/22082"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/0213"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://dev2dev.bea.com/pub/advisory/223"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/32854"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/38516"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23750"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1017521"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/22082"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/0213"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2007-0423
Vulnerability from fkie_nvd - Published: 2007-01-23 00:28 - Updated: 2025-04-09 00:30
Severity ?
Summary
BEA WebLogic Portal 9.2 does not properly handle when an administrator deletes entitlements for a role, which causes other role entitlements to be "inadvertently affected," which has an unknown impact.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oracle | weblogic_portal | 9.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:weblogic_portal:9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B04835B2-7FE9-462B-B989-4031D43C9670",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "BEA WebLogic Portal 9.2 does not properly handle when an administrator deletes entitlements for a role, which causes other role entitlements to be \"inadvertently affected,\" which has an unknown impact."
},
{
"lang": "es",
"value": "BEA WebLogic Portal 9.2 no maneja adecuadamente cuando un administrador borra derechos de un rol, lo que provoca que otros derechos de ese rol sean \"afectados inadvertidamente\", lo cual tiene un impacto desconocido."
}
],
"id": "CVE-2007-0423",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-01-23T00:28:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://dev2dev.bea.com/pub/advisory/218"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/32857"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/23750"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1017521"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/22082"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/0213"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://dev2dev.bea.com/pub/advisory/218"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/32857"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/23750"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1017521"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/22082"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/0213"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2006-1358
Vulnerability from fkie_nvd - Published: 2006-03-22 02:02 - Updated: 2025-04-03 01:03
Severity ?
Summary
Unspecified vulnerability in BEA WebLogic Portal 8.1 up to SP5 causes a JSR-168 Portlet to be retrieved from the cache for the wrong session, which might allow one user to see a Portlet of another user.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oracle | weblogic_portal | 8.1 | |
| oracle | weblogic_portal | 8.1 | |
| oracle | weblogic_portal | 8.1 | |
| oracle | weblogic_portal | 8.1 | |
| oracle | weblogic_portal | 8.1 | |
| oracle | weblogic_portal | 8.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:weblogic_portal:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D2C72232-7D9A-43BF-9018-6D51EA35BF7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_portal:8.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "BCAB0CC7-DB7F-401B-8E9C-E3A33BD18F9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_portal:8.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "EA0A3F3F-F960-4418-B520-3AECCA0DDB43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_portal:8.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "5DA2A8E6-1BEF-430B-85FD-AFFA44B891CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_portal:8.1:sp4:*:*:*:*:*:*",
"matchCriteriaId": "BF066EF7-82D6-42A4-97AC-C3A71A042152",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_portal:8.1:sp5:*:*:*:*:*:*",
"matchCriteriaId": "22257A94-EB2C-432E-A9ED-224D8AB9527F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in BEA WebLogic Portal 8.1 up to SP5 causes a JSR-168 Portlet to be retrieved from the cache for the wrong session, which might allow one user to see a Portlet of another user."
}
],
"id": "CVE-2006-1358",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-03-22T02:02:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "ftp://ftpna.beasys.com/pub/releases/security/patch_CR259534_81SP5.zip"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://dev2dev.bea.com/pub/advisory/182"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19308"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1015791"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/17164"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/1022"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25345"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "ftp://ftpna.beasys.com/pub/releases/security/patch_CR259534_81SP5.zip"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://dev2dev.bea.com/pub/advisory/182"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19308"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1015791"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/17164"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/1022"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25345"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2008-0865 (GCVE-0-2008-0865)
Vulnerability from cvelistv5 – Published: 2008-02-21 01:00 – Updated: 2024-08-07 08:01
VLAI?
Summary
Unspecified vulnerability in BEA WebLogic Portal 8.1 through SP6 allows remote attackers to bypass entitlements for instances of a floatable WLP portlet via unknown vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:01:40.095Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "BEA08-184.00",
"tags": [
"vendor-advisory",
"x_refsource_BEA",
"x_transferred"
],
"url": "http://dev2dev.bea.com/pub/advisory/257"
},
{
"name": "ADV-2008-0613",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0613"
},
{
"name": "29041",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29041"
},
{
"name": "1019451",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019451"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-02-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in BEA WebLogic Portal 8.1 through SP6 allows remote attackers to bypass entitlements for instances of a floatable WLP portlet via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-03-05T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "BEA08-184.00",
"tags": [
"vendor-advisory",
"x_refsource_BEA"
],
"url": "http://dev2dev.bea.com/pub/advisory/257"
},
{
"name": "ADV-2008-0613",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0613"
},
{
"name": "29041",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29041"
},
{
"name": "1019451",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019451"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0865",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in BEA WebLogic Portal 8.1 through SP6 allows remote attackers to bypass entitlements for instances of a floatable WLP portlet via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "BEA08-184.00",
"refsource": "BEA",
"url": "http://dev2dev.bea.com/pub/advisory/257"
},
{
"name": "ADV-2008-0613",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0613"
},
{
"name": "29041",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29041"
},
{
"name": "1019451",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019451"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0865",
"datePublished": "2008-02-21T01:00:00",
"dateReserved": "2008-02-20T00:00:00",
"dateUpdated": "2024-08-07T08:01:40.095Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0868 (GCVE-0-2008-0868)
Vulnerability from cvelistv5 – Published: 2008-02-21 01:00 – Updated: 2024-08-07 08:01
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in Groupspace in BEA WebLogic Portal 10.0 and 9.2 through Maintenance Pack 1 allows remote authenticated users to inject arbitrary web script or HTML via unknown vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:01:39.768Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1019452",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019452"
},
{
"name": "ADV-2008-0613",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0613"
},
{
"name": "29041",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29041"
},
{
"name": "BEA08-188.00",
"tags": [
"vendor-advisory",
"x_refsource_BEA",
"x_transferred"
],
"url": "http://dev2dev.bea.com/pub/advisory/261"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-02-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Groupspace in BEA WebLogic Portal 10.0 and 9.2 through Maintenance Pack 1 allows remote authenticated users to inject arbitrary web script or HTML via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-03-05T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1019452",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019452"
},
{
"name": "ADV-2008-0613",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0613"
},
{
"name": "29041",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29041"
},
{
"name": "BEA08-188.00",
"tags": [
"vendor-advisory",
"x_refsource_BEA"
],
"url": "http://dev2dev.bea.com/pub/advisory/261"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0868",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Groupspace in BEA WebLogic Portal 10.0 and 9.2 through Maintenance Pack 1 allows remote authenticated users to inject arbitrary web script or HTML via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1019452",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019452"
},
{
"name": "ADV-2008-0613",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0613"
},
{
"name": "29041",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29041"
},
{
"name": "BEA08-188.00",
"refsource": "BEA",
"url": "http://dev2dev.bea.com/pub/advisory/261"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0868",
"datePublished": "2008-02-21T01:00:00",
"dateReserved": "2008-02-20T00:00:00",
"dateUpdated": "2024-08-07T08:01:39.768Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0864 (GCVE-0-2008-0864)
Vulnerability from cvelistv5 – Published: 2008-02-21 01:00 – Updated: 2024-08-07 08:01
VLAI?
Summary
Admin Tools in BEA WebLogic Portal 8.1 SP3 through SP6 can inadvertently remove entitlements for pages when an administrator edits the page definition label, which might allow remote attackers to bypass intended access restrictions.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:01:40.100Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2008-0613",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0613"
},
{
"name": "29041",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29041"
},
{
"name": "1019454",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019454"
},
{
"name": "BEA08-183.00",
"tags": [
"vendor-advisory",
"x_refsource_BEA",
"x_transferred"
],
"url": "http://dev2dev.bea.com/pub/advisory/256"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-02-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Admin Tools in BEA WebLogic Portal 8.1 SP3 through SP6 can inadvertently remove entitlements for pages when an administrator edits the page definition label, which might allow remote attackers to bypass intended access restrictions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-03-05T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2008-0613",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0613"
},
{
"name": "29041",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29041"
},
{
"name": "1019454",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019454"
},
{
"name": "BEA08-183.00",
"tags": [
"vendor-advisory",
"x_refsource_BEA"
],
"url": "http://dev2dev.bea.com/pub/advisory/256"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0864",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Admin Tools in BEA WebLogic Portal 8.1 SP3 through SP6 can inadvertently remove entitlements for pages when an administrator edits the page definition label, which might allow remote attackers to bypass intended access restrictions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2008-0613",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0613"
},
{
"name": "29041",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29041"
},
{
"name": "1019454",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019454"
},
{
"name": "BEA08-183.00",
"refsource": "BEA",
"url": "http://dev2dev.bea.com/pub/advisory/256"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0864",
"datePublished": "2008-02-21T01:00:00",
"dateReserved": "2008-02-20T00:00:00",
"dateUpdated": "2024-08-07T08:01:40.100Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0870 (GCVE-0-2008-0870)
Vulnerability from cvelistv5 – Published: 2008-02-21 01:00 – Updated: 2024-08-07 08:01
VLAI?
Summary
BEA WebLogic Portal 10.0 and 9.2 through Maintenance Pack 2, under certain circumstances, can redirect a user from the https:// URI for the Portal Administration Console to an http URI, which allows remote attackers to sniff the session.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:01:40.034Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2008-0613",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0613"
},
{
"name": "BEA08-190.00",
"tags": [
"vendor-advisory",
"x_refsource_BEA",
"x_transferred"
],
"url": "http://dev2dev.bea.com/pub/advisory/264"
},
{
"name": "29041",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29041"
},
{
"name": "1019442",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019442"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-02-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "BEA WebLogic Portal 10.0 and 9.2 through Maintenance Pack 2, under certain circumstances, can redirect a user from the https:// URI for the Portal Administration Console to an http URI, which allows remote attackers to sniff the session."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-03-05T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2008-0613",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0613"
},
{
"name": "BEA08-190.00",
"tags": [
"vendor-advisory",
"x_refsource_BEA"
],
"url": "http://dev2dev.bea.com/pub/advisory/264"
},
{
"name": "29041",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29041"
},
{
"name": "1019442",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019442"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0870",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BEA WebLogic Portal 10.0 and 9.2 through Maintenance Pack 2, under certain circumstances, can redirect a user from the https:// URI for the Portal Administration Console to an http URI, which allows remote attackers to sniff the session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2008-0613",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0613"
},
{
"name": "BEA08-190.00",
"refsource": "BEA",
"url": "http://dev2dev.bea.com/pub/advisory/264"
},
{
"name": "29041",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29041"
},
{
"name": "1019442",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019442"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0870",
"datePublished": "2008-02-21T01:00:00",
"dateReserved": "2008-02-20T00:00:00",
"dateUpdated": "2024-08-07T08:01:40.034Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-5576 (GCVE-0-2007-5576)
Vulnerability from cvelistv5 – Published: 2007-10-18 21:00 – Updated: 2024-08-07 15:39
VLAI?
Summary
BEA Tuxedo 8.0 before RP392 and 8.1 before RP293, and WebLogic Enterprise 5.1 before RP174, echo the password in cleartext, which allows physically proximate attackers to obtain sensitive information via the (1) cnsbind, (2) cnsunbind, or (3) cnsls commands.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:39:13.505Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "45478",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/45478"
},
{
"name": "weblogic-tuxedo-information-disclosure(34290)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34290"
},
{
"name": "BEA07-158.00",
"tags": [
"vendor-advisory",
"x_refsource_BEA",
"x_transferred"
],
"url": "http://dev2dev.bea.com/pub/advisory/226"
},
{
"name": "ADV-2007-1813",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1813"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-05-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "BEA Tuxedo 8.0 before RP392 and 8.1 before RP293, and WebLogic Enterprise 5.1 before RP174, echo the password in cleartext, which allows physically proximate attackers to obtain sensitive information via the (1) cnsbind, (2) cnsunbind, or (3) cnsls commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "45478",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/45478"
},
{
"name": "weblogic-tuxedo-information-disclosure(34290)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34290"
},
{
"name": "BEA07-158.00",
"tags": [
"vendor-advisory",
"x_refsource_BEA"
],
"url": "http://dev2dev.bea.com/pub/advisory/226"
},
{
"name": "ADV-2007-1813",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1813"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5576",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BEA Tuxedo 8.0 before RP392 and 8.1 before RP293, and WebLogic Enterprise 5.1 before RP174, echo the password in cleartext, which allows physically proximate attackers to obtain sensitive information via the (1) cnsbind, (2) cnsunbind, or (3) cnsls commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45478",
"refsource": "OSVDB",
"url": "http://osvdb.org/45478"
},
{
"name": "weblogic-tuxedo-information-disclosure(34290)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34290"
},
{
"name": "BEA07-158.00",
"refsource": "BEA",
"url": "http://dev2dev.bea.com/pub/advisory/226"
},
{
"name": "ADV-2007-1813",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1813"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-5576",
"datePublished": "2007-10-18T21:00:00",
"dateReserved": "2007-10-18T00:00:00",
"dateUpdated": "2024-08-07T15:39:13.505Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-2703 (GCVE-0-2007-2703)
Vulnerability from cvelistv5 – Published: 2007-05-16 01:00 – Updated: 2024-08-07 13:49
VLAI?
Summary
BEA WebLogic Portal 9.2 GA can corrupt a visitor entitlements role if an administrator provides a long role description, which might allow remote authenticated users to access privileged resources.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:49:57.136Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "36065",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/36065"
},
{
"name": "weblogic-portal-entitlement-weak-security(34285)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34285"
},
{
"name": "25284",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25284"
},
{
"name": "BEA07-167.00",
"tags": [
"vendor-advisory",
"x_refsource_BEA",
"x_transferred"
],
"url": "http://dev2dev.bea.com/pub/advisory/236"
},
{
"name": "1018060",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018060"
},
{
"name": "ADV-2007-1815",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1815"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-05-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "BEA WebLogic Portal 9.2 GA can corrupt a visitor entitlements role if an administrator provides a long role description, which might allow remote authenticated users to access privileged resources."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "36065",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/36065"
},
{
"name": "weblogic-portal-entitlement-weak-security(34285)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34285"
},
{
"name": "25284",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25284"
},
{
"name": "BEA07-167.00",
"tags": [
"vendor-advisory",
"x_refsource_BEA"
],
"url": "http://dev2dev.bea.com/pub/advisory/236"
},
{
"name": "1018060",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018060"
},
{
"name": "ADV-2007-1815",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1815"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2703",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BEA WebLogic Portal 9.2 GA can corrupt a visitor entitlements role if an administrator provides a long role description, which might allow remote authenticated users to access privileged resources."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36065",
"refsource": "OSVDB",
"url": "http://osvdb.org/36065"
},
{
"name": "weblogic-portal-entitlement-weak-security(34285)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34285"
},
{
"name": "25284",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25284"
},
{
"name": "BEA07-167.00",
"refsource": "BEA",
"url": "http://dev2dev.bea.com/pub/advisory/236"
},
{
"name": "1018060",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018060"
},
{
"name": "ADV-2007-1815",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1815"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-2703",
"datePublished": "2007-05-16T01:00:00",
"dateReserved": "2007-05-15T00:00:00",
"dateUpdated": "2024-08-07T13:49:57.136Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-2702 (GCVE-0-2007-2702)
Vulnerability from cvelistv5 – Published: 2007-05-16 01:00 – Updated: 2024-08-07 13:49
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in the GroupSpace application in BEA WebLogic Portal 9.2 GA allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to the rich text editor.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:49:57.174Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "weblogic-portal-groupspace-xss(34283)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34283"
},
{
"name": "25284",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25284"
},
{
"name": "36066",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/36066"
},
{
"name": "BEA07-166.00",
"tags": [
"vendor-advisory",
"x_refsource_BEA",
"x_transferred"
],
"url": "http://dev2dev.bea.com/pub/advisory/235"
},
{
"name": "1018060",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018060"
},
{
"name": "ADV-2007-1815",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1815"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-05-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the GroupSpace application in BEA WebLogic Portal 9.2 GA allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to the rich text editor."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "weblogic-portal-groupspace-xss(34283)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34283"
},
{
"name": "25284",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25284"
},
{
"name": "36066",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/36066"
},
{
"name": "BEA07-166.00",
"tags": [
"vendor-advisory",
"x_refsource_BEA"
],
"url": "http://dev2dev.bea.com/pub/advisory/235"
},
{
"name": "1018060",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018060"
},
{
"name": "ADV-2007-1815",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1815"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2702",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the GroupSpace application in BEA WebLogic Portal 9.2 GA allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to the rich text editor."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "weblogic-portal-groupspace-xss(34283)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34283"
},
{
"name": "25284",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25284"
},
{
"name": "36066",
"refsource": "OSVDB",
"url": "http://osvdb.org/36066"
},
{
"name": "BEA07-166.00",
"refsource": "BEA",
"url": "http://dev2dev.bea.com/pub/advisory/235"
},
{
"name": "1018060",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018060"
},
{
"name": "ADV-2007-1815",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1815"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-2702",
"datePublished": "2007-05-16T01:00:00",
"dateReserved": "2007-05-15T00:00:00",
"dateUpdated": "2024-08-07T13:49:57.174Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-0426 (GCVE-0-2007-0426)
Vulnerability from cvelistv5 – Published: 2007-01-23 00:00 – Updated: 2024-08-07 12:19
VLAI?
Summary
BEA WebLogic Portal 9.2, when running in a WebLogic Server clustered environment using WebLogic Portal entitlements, does not properly propagate entitlement policy changes if the changes are made on a managed server while the Administrative Server is unavailable, which might allow attackers to bypass intended restrictions.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:19:30.318Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "23750",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23750"
},
{
"name": "22082",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22082"
},
{
"name": "1017521",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017521"
},
{
"name": "ADV-2007-0213",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0213"
},
{
"name": "32854",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/32854"
},
{
"name": "BEA07-156.00",
"tags": [
"vendor-advisory",
"x_refsource_BEA",
"x_transferred"
],
"url": "http://dev2dev.bea.com/pub/advisory/223"
},
{
"name": "38516",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/38516"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-01-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "BEA WebLogic Portal 9.2, when running in a WebLogic Server clustered environment using WebLogic Portal entitlements, does not properly propagate entitlement policy changes if the changes are made on a managed server while the Administrative Server is unavailable, which might allow attackers to bypass intended restrictions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-01-30T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "23750",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23750"
},
{
"name": "22082",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22082"
},
{
"name": "1017521",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017521"
},
{
"name": "ADV-2007-0213",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0213"
},
{
"name": "32854",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/32854"
},
{
"name": "BEA07-156.00",
"tags": [
"vendor-advisory",
"x_refsource_BEA"
],
"url": "http://dev2dev.bea.com/pub/advisory/223"
},
{
"name": "38516",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/38516"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0426",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BEA WebLogic Portal 9.2, when running in a WebLogic Server clustered environment using WebLogic Portal entitlements, does not properly propagate entitlement policy changes if the changes are made on a managed server while the Administrative Server is unavailable, which might allow attackers to bypass intended restrictions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "23750",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23750"
},
{
"name": "22082",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22082"
},
{
"name": "1017521",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017521"
},
{
"name": "ADV-2007-0213",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0213"
},
{
"name": "32854",
"refsource": "OSVDB",
"url": "http://osvdb.org/32854"
},
{
"name": "BEA07-156.00",
"refsource": "BEA",
"url": "http://dev2dev.bea.com/pub/advisory/223"
},
{
"name": "38516",
"refsource": "OSVDB",
"url": "http://osvdb.org/38516"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-0426",
"datePublished": "2007-01-23T00:00:00",
"dateReserved": "2007-01-22T00:00:00",
"dateUpdated": "2024-08-07T12:19:30.318Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-0423 (GCVE-0-2007-0423)
Vulnerability from cvelistv5 – Published: 2007-01-23 00:00 – Updated: 2024-08-07 12:19
VLAI?
Summary
BEA WebLogic Portal 9.2 does not properly handle when an administrator deletes entitlements for a role, which causes other role entitlements to be "inadvertently affected," which has an unknown impact.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:19:30.076Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "32857",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/32857"
},
{
"name": "23750",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23750"
},
{
"name": "22082",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22082"
},
{
"name": "1017521",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017521"
},
{
"name": "ADV-2007-0213",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0213"
},
{
"name": "BEA07-151.00",
"tags": [
"vendor-advisory",
"x_refsource_BEA",
"x_transferred"
],
"url": "http://dev2dev.bea.com/pub/advisory/218"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-01-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "BEA WebLogic Portal 9.2 does not properly handle when an administrator deletes entitlements for a role, which causes other role entitlements to be \"inadvertently affected,\" which has an unknown impact."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-01-30T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "32857",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/32857"
},
{
"name": "23750",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23750"
},
{
"name": "22082",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22082"
},
{
"name": "1017521",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017521"
},
{
"name": "ADV-2007-0213",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0213"
},
{
"name": "BEA07-151.00",
"tags": [
"vendor-advisory",
"x_refsource_BEA"
],
"url": "http://dev2dev.bea.com/pub/advisory/218"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0423",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BEA WebLogic Portal 9.2 does not properly handle when an administrator deletes entitlements for a role, which causes other role entitlements to be \"inadvertently affected,\" which has an unknown impact."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "32857",
"refsource": "OSVDB",
"url": "http://osvdb.org/32857"
},
{
"name": "23750",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23750"
},
{
"name": "22082",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22082"
},
{
"name": "1017521",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017521"
},
{
"name": "ADV-2007-0213",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0213"
},
{
"name": "BEA07-151.00",
"refsource": "BEA",
"url": "http://dev2dev.bea.com/pub/advisory/218"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-0423",
"datePublished": "2007-01-23T00:00:00",
"dateReserved": "2007-01-22T00:00:00",
"dateUpdated": "2024-08-07T12:19:30.076Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-1358 (GCVE-0-2006-1358)
Vulnerability from cvelistv5 – Published: 2006-03-22 02:00 – Updated: 2024-08-07 17:12
VLAI?
Summary
Unspecified vulnerability in BEA WebLogic Portal 8.1 up to SP5 causes a JSR-168 Portlet to be retrieved from the cache for the wrong session, which might allow one user to see a Portlet of another user.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:12:20.691Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2006-1022",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1022"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "ftp://ftpna.beasys.com/pub/releases/security/patch_CR259534_81SP5.zip"
},
{
"name": "BEA06-122.00",
"tags": [
"vendor-advisory",
"x_refsource_BEA",
"x_transferred"
],
"url": "http://dev2dev.bea.com/pub/advisory/182"
},
{
"name": "19308",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19308"
},
{
"name": "17164",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17164"
},
{
"name": "1015791",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015791"
},
{
"name": "weblogic-portal-portlet-disclosure(25345)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25345"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-03-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in BEA WebLogic Portal 8.1 up to SP5 causes a JSR-168 Portlet to be retrieved from the cache for the wrong session, which might allow one user to see a Portlet of another user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2006-1022",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1022"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "ftp://ftpna.beasys.com/pub/releases/security/patch_CR259534_81SP5.zip"
},
{
"name": "BEA06-122.00",
"tags": [
"vendor-advisory",
"x_refsource_BEA"
],
"url": "http://dev2dev.bea.com/pub/advisory/182"
},
{
"name": "19308",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19308"
},
{
"name": "17164",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17164"
},
{
"name": "1015791",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015791"
},
{
"name": "weblogic-portal-portlet-disclosure(25345)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25345"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1358",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in BEA WebLogic Portal 8.1 up to SP5 causes a JSR-168 Portlet to be retrieved from the cache for the wrong session, which might allow one user to see a Portlet of another user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-1022",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1022"
},
{
"name": "ftp://ftpna.beasys.com/pub/releases/security/patch_CR259534_81SP5.zip",
"refsource": "MISC",
"url": "ftp://ftpna.beasys.com/pub/releases/security/patch_CR259534_81SP5.zip"
},
{
"name": "BEA06-122.00",
"refsource": "BEA",
"url": "http://dev2dev.bea.com/pub/advisory/182"
},
{
"name": "19308",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19308"
},
{
"name": "17164",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17164"
},
{
"name": "1015791",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015791"
},
{
"name": "weblogic-portal-portlet-disclosure(25345)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25345"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-1358",
"datePublished": "2006-03-22T02:00:00",
"dateReserved": "2006-03-21T00:00:00",
"dateUpdated": "2024-08-07T17:12:20.691Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0865 (GCVE-0-2008-0865)
Vulnerability from nvd – Published: 2008-02-21 01:00 – Updated: 2024-08-07 08:01
VLAI?
Summary
Unspecified vulnerability in BEA WebLogic Portal 8.1 through SP6 allows remote attackers to bypass entitlements for instances of a floatable WLP portlet via unknown vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:01:40.095Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "BEA08-184.00",
"tags": [
"vendor-advisory",
"x_refsource_BEA",
"x_transferred"
],
"url": "http://dev2dev.bea.com/pub/advisory/257"
},
{
"name": "ADV-2008-0613",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0613"
},
{
"name": "29041",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29041"
},
{
"name": "1019451",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019451"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-02-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in BEA WebLogic Portal 8.1 through SP6 allows remote attackers to bypass entitlements for instances of a floatable WLP portlet via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-03-05T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "BEA08-184.00",
"tags": [
"vendor-advisory",
"x_refsource_BEA"
],
"url": "http://dev2dev.bea.com/pub/advisory/257"
},
{
"name": "ADV-2008-0613",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0613"
},
{
"name": "29041",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29041"
},
{
"name": "1019451",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019451"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0865",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in BEA WebLogic Portal 8.1 through SP6 allows remote attackers to bypass entitlements for instances of a floatable WLP portlet via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "BEA08-184.00",
"refsource": "BEA",
"url": "http://dev2dev.bea.com/pub/advisory/257"
},
{
"name": "ADV-2008-0613",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0613"
},
{
"name": "29041",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29041"
},
{
"name": "1019451",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019451"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0865",
"datePublished": "2008-02-21T01:00:00",
"dateReserved": "2008-02-20T00:00:00",
"dateUpdated": "2024-08-07T08:01:40.095Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0868 (GCVE-0-2008-0868)
Vulnerability from nvd – Published: 2008-02-21 01:00 – Updated: 2024-08-07 08:01
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in Groupspace in BEA WebLogic Portal 10.0 and 9.2 through Maintenance Pack 1 allows remote authenticated users to inject arbitrary web script or HTML via unknown vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:01:39.768Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1019452",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019452"
},
{
"name": "ADV-2008-0613",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0613"
},
{
"name": "29041",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29041"
},
{
"name": "BEA08-188.00",
"tags": [
"vendor-advisory",
"x_refsource_BEA",
"x_transferred"
],
"url": "http://dev2dev.bea.com/pub/advisory/261"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-02-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Groupspace in BEA WebLogic Portal 10.0 and 9.2 through Maintenance Pack 1 allows remote authenticated users to inject arbitrary web script or HTML via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-03-05T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1019452",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019452"
},
{
"name": "ADV-2008-0613",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0613"
},
{
"name": "29041",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29041"
},
{
"name": "BEA08-188.00",
"tags": [
"vendor-advisory",
"x_refsource_BEA"
],
"url": "http://dev2dev.bea.com/pub/advisory/261"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0868",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Groupspace in BEA WebLogic Portal 10.0 and 9.2 through Maintenance Pack 1 allows remote authenticated users to inject arbitrary web script or HTML via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1019452",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019452"
},
{
"name": "ADV-2008-0613",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0613"
},
{
"name": "29041",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29041"
},
{
"name": "BEA08-188.00",
"refsource": "BEA",
"url": "http://dev2dev.bea.com/pub/advisory/261"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0868",
"datePublished": "2008-02-21T01:00:00",
"dateReserved": "2008-02-20T00:00:00",
"dateUpdated": "2024-08-07T08:01:39.768Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0864 (GCVE-0-2008-0864)
Vulnerability from nvd – Published: 2008-02-21 01:00 – Updated: 2024-08-07 08:01
VLAI?
Summary
Admin Tools in BEA WebLogic Portal 8.1 SP3 through SP6 can inadvertently remove entitlements for pages when an administrator edits the page definition label, which might allow remote attackers to bypass intended access restrictions.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:01:40.100Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2008-0613",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0613"
},
{
"name": "29041",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29041"
},
{
"name": "1019454",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019454"
},
{
"name": "BEA08-183.00",
"tags": [
"vendor-advisory",
"x_refsource_BEA",
"x_transferred"
],
"url": "http://dev2dev.bea.com/pub/advisory/256"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-02-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Admin Tools in BEA WebLogic Portal 8.1 SP3 through SP6 can inadvertently remove entitlements for pages when an administrator edits the page definition label, which might allow remote attackers to bypass intended access restrictions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-03-05T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2008-0613",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0613"
},
{
"name": "29041",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29041"
},
{
"name": "1019454",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019454"
},
{
"name": "BEA08-183.00",
"tags": [
"vendor-advisory",
"x_refsource_BEA"
],
"url": "http://dev2dev.bea.com/pub/advisory/256"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0864",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Admin Tools in BEA WebLogic Portal 8.1 SP3 through SP6 can inadvertently remove entitlements for pages when an administrator edits the page definition label, which might allow remote attackers to bypass intended access restrictions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2008-0613",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0613"
},
{
"name": "29041",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29041"
},
{
"name": "1019454",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019454"
},
{
"name": "BEA08-183.00",
"refsource": "BEA",
"url": "http://dev2dev.bea.com/pub/advisory/256"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0864",
"datePublished": "2008-02-21T01:00:00",
"dateReserved": "2008-02-20T00:00:00",
"dateUpdated": "2024-08-07T08:01:40.100Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0870 (GCVE-0-2008-0870)
Vulnerability from nvd – Published: 2008-02-21 01:00 – Updated: 2024-08-07 08:01
VLAI?
Summary
BEA WebLogic Portal 10.0 and 9.2 through Maintenance Pack 2, under certain circumstances, can redirect a user from the https:// URI for the Portal Administration Console to an http URI, which allows remote attackers to sniff the session.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:01:40.034Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2008-0613",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0613"
},
{
"name": "BEA08-190.00",
"tags": [
"vendor-advisory",
"x_refsource_BEA",
"x_transferred"
],
"url": "http://dev2dev.bea.com/pub/advisory/264"
},
{
"name": "29041",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29041"
},
{
"name": "1019442",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019442"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-02-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "BEA WebLogic Portal 10.0 and 9.2 through Maintenance Pack 2, under certain circumstances, can redirect a user from the https:// URI for the Portal Administration Console to an http URI, which allows remote attackers to sniff the session."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-03-05T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2008-0613",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0613"
},
{
"name": "BEA08-190.00",
"tags": [
"vendor-advisory",
"x_refsource_BEA"
],
"url": "http://dev2dev.bea.com/pub/advisory/264"
},
{
"name": "29041",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29041"
},
{
"name": "1019442",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019442"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0870",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BEA WebLogic Portal 10.0 and 9.2 through Maintenance Pack 2, under certain circumstances, can redirect a user from the https:// URI for the Portal Administration Console to an http URI, which allows remote attackers to sniff the session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2008-0613",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0613"
},
{
"name": "BEA08-190.00",
"refsource": "BEA",
"url": "http://dev2dev.bea.com/pub/advisory/264"
},
{
"name": "29041",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29041"
},
{
"name": "1019442",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019442"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0870",
"datePublished": "2008-02-21T01:00:00",
"dateReserved": "2008-02-20T00:00:00",
"dateUpdated": "2024-08-07T08:01:40.034Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-5576 (GCVE-0-2007-5576)
Vulnerability from nvd – Published: 2007-10-18 21:00 – Updated: 2024-08-07 15:39
VLAI?
Summary
BEA Tuxedo 8.0 before RP392 and 8.1 before RP293, and WebLogic Enterprise 5.1 before RP174, echo the password in cleartext, which allows physically proximate attackers to obtain sensitive information via the (1) cnsbind, (2) cnsunbind, or (3) cnsls commands.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:39:13.505Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "45478",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/45478"
},
{
"name": "weblogic-tuxedo-information-disclosure(34290)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34290"
},
{
"name": "BEA07-158.00",
"tags": [
"vendor-advisory",
"x_refsource_BEA",
"x_transferred"
],
"url": "http://dev2dev.bea.com/pub/advisory/226"
},
{
"name": "ADV-2007-1813",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1813"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-05-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "BEA Tuxedo 8.0 before RP392 and 8.1 before RP293, and WebLogic Enterprise 5.1 before RP174, echo the password in cleartext, which allows physically proximate attackers to obtain sensitive information via the (1) cnsbind, (2) cnsunbind, or (3) cnsls commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "45478",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/45478"
},
{
"name": "weblogic-tuxedo-information-disclosure(34290)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34290"
},
{
"name": "BEA07-158.00",
"tags": [
"vendor-advisory",
"x_refsource_BEA"
],
"url": "http://dev2dev.bea.com/pub/advisory/226"
},
{
"name": "ADV-2007-1813",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1813"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5576",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BEA Tuxedo 8.0 before RP392 and 8.1 before RP293, and WebLogic Enterprise 5.1 before RP174, echo the password in cleartext, which allows physically proximate attackers to obtain sensitive information via the (1) cnsbind, (2) cnsunbind, or (3) cnsls commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45478",
"refsource": "OSVDB",
"url": "http://osvdb.org/45478"
},
{
"name": "weblogic-tuxedo-information-disclosure(34290)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34290"
},
{
"name": "BEA07-158.00",
"refsource": "BEA",
"url": "http://dev2dev.bea.com/pub/advisory/226"
},
{
"name": "ADV-2007-1813",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1813"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-5576",
"datePublished": "2007-10-18T21:00:00",
"dateReserved": "2007-10-18T00:00:00",
"dateUpdated": "2024-08-07T15:39:13.505Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-2703 (GCVE-0-2007-2703)
Vulnerability from nvd – Published: 2007-05-16 01:00 – Updated: 2024-08-07 13:49
VLAI?
Summary
BEA WebLogic Portal 9.2 GA can corrupt a visitor entitlements role if an administrator provides a long role description, which might allow remote authenticated users to access privileged resources.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:49:57.136Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "36065",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/36065"
},
{
"name": "weblogic-portal-entitlement-weak-security(34285)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34285"
},
{
"name": "25284",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25284"
},
{
"name": "BEA07-167.00",
"tags": [
"vendor-advisory",
"x_refsource_BEA",
"x_transferred"
],
"url": "http://dev2dev.bea.com/pub/advisory/236"
},
{
"name": "1018060",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018060"
},
{
"name": "ADV-2007-1815",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1815"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-05-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "BEA WebLogic Portal 9.2 GA can corrupt a visitor entitlements role if an administrator provides a long role description, which might allow remote authenticated users to access privileged resources."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "36065",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/36065"
},
{
"name": "weblogic-portal-entitlement-weak-security(34285)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34285"
},
{
"name": "25284",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25284"
},
{
"name": "BEA07-167.00",
"tags": [
"vendor-advisory",
"x_refsource_BEA"
],
"url": "http://dev2dev.bea.com/pub/advisory/236"
},
{
"name": "1018060",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018060"
},
{
"name": "ADV-2007-1815",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1815"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2703",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BEA WebLogic Portal 9.2 GA can corrupt a visitor entitlements role if an administrator provides a long role description, which might allow remote authenticated users to access privileged resources."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36065",
"refsource": "OSVDB",
"url": "http://osvdb.org/36065"
},
{
"name": "weblogic-portal-entitlement-weak-security(34285)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34285"
},
{
"name": "25284",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25284"
},
{
"name": "BEA07-167.00",
"refsource": "BEA",
"url": "http://dev2dev.bea.com/pub/advisory/236"
},
{
"name": "1018060",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018060"
},
{
"name": "ADV-2007-1815",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1815"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-2703",
"datePublished": "2007-05-16T01:00:00",
"dateReserved": "2007-05-15T00:00:00",
"dateUpdated": "2024-08-07T13:49:57.136Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-2702 (GCVE-0-2007-2702)
Vulnerability from nvd – Published: 2007-05-16 01:00 – Updated: 2024-08-07 13:49
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in the GroupSpace application in BEA WebLogic Portal 9.2 GA allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to the rich text editor.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:49:57.174Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "weblogic-portal-groupspace-xss(34283)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34283"
},
{
"name": "25284",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25284"
},
{
"name": "36066",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/36066"
},
{
"name": "BEA07-166.00",
"tags": [
"vendor-advisory",
"x_refsource_BEA",
"x_transferred"
],
"url": "http://dev2dev.bea.com/pub/advisory/235"
},
{
"name": "1018060",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018060"
},
{
"name": "ADV-2007-1815",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1815"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-05-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the GroupSpace application in BEA WebLogic Portal 9.2 GA allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to the rich text editor."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "weblogic-portal-groupspace-xss(34283)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34283"
},
{
"name": "25284",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25284"
},
{
"name": "36066",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/36066"
},
{
"name": "BEA07-166.00",
"tags": [
"vendor-advisory",
"x_refsource_BEA"
],
"url": "http://dev2dev.bea.com/pub/advisory/235"
},
{
"name": "1018060",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018060"
},
{
"name": "ADV-2007-1815",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1815"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2702",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the GroupSpace application in BEA WebLogic Portal 9.2 GA allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to the rich text editor."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "weblogic-portal-groupspace-xss(34283)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34283"
},
{
"name": "25284",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25284"
},
{
"name": "36066",
"refsource": "OSVDB",
"url": "http://osvdb.org/36066"
},
{
"name": "BEA07-166.00",
"refsource": "BEA",
"url": "http://dev2dev.bea.com/pub/advisory/235"
},
{
"name": "1018060",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018060"
},
{
"name": "ADV-2007-1815",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1815"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-2702",
"datePublished": "2007-05-16T01:00:00",
"dateReserved": "2007-05-15T00:00:00",
"dateUpdated": "2024-08-07T13:49:57.174Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-0426 (GCVE-0-2007-0426)
Vulnerability from nvd – Published: 2007-01-23 00:00 – Updated: 2024-08-07 12:19
VLAI?
Summary
BEA WebLogic Portal 9.2, when running in a WebLogic Server clustered environment using WebLogic Portal entitlements, does not properly propagate entitlement policy changes if the changes are made on a managed server while the Administrative Server is unavailable, which might allow attackers to bypass intended restrictions.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:19:30.318Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "23750",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23750"
},
{
"name": "22082",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22082"
},
{
"name": "1017521",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017521"
},
{
"name": "ADV-2007-0213",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0213"
},
{
"name": "32854",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/32854"
},
{
"name": "BEA07-156.00",
"tags": [
"vendor-advisory",
"x_refsource_BEA",
"x_transferred"
],
"url": "http://dev2dev.bea.com/pub/advisory/223"
},
{
"name": "38516",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/38516"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-01-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "BEA WebLogic Portal 9.2, when running in a WebLogic Server clustered environment using WebLogic Portal entitlements, does not properly propagate entitlement policy changes if the changes are made on a managed server while the Administrative Server is unavailable, which might allow attackers to bypass intended restrictions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-01-30T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "23750",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23750"
},
{
"name": "22082",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22082"
},
{
"name": "1017521",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017521"
},
{
"name": "ADV-2007-0213",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0213"
},
{
"name": "32854",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/32854"
},
{
"name": "BEA07-156.00",
"tags": [
"vendor-advisory",
"x_refsource_BEA"
],
"url": "http://dev2dev.bea.com/pub/advisory/223"
},
{
"name": "38516",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/38516"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0426",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BEA WebLogic Portal 9.2, when running in a WebLogic Server clustered environment using WebLogic Portal entitlements, does not properly propagate entitlement policy changes if the changes are made on a managed server while the Administrative Server is unavailable, which might allow attackers to bypass intended restrictions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "23750",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23750"
},
{
"name": "22082",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22082"
},
{
"name": "1017521",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017521"
},
{
"name": "ADV-2007-0213",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0213"
},
{
"name": "32854",
"refsource": "OSVDB",
"url": "http://osvdb.org/32854"
},
{
"name": "BEA07-156.00",
"refsource": "BEA",
"url": "http://dev2dev.bea.com/pub/advisory/223"
},
{
"name": "38516",
"refsource": "OSVDB",
"url": "http://osvdb.org/38516"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-0426",
"datePublished": "2007-01-23T00:00:00",
"dateReserved": "2007-01-22T00:00:00",
"dateUpdated": "2024-08-07T12:19:30.318Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-0423 (GCVE-0-2007-0423)
Vulnerability from nvd – Published: 2007-01-23 00:00 – Updated: 2024-08-07 12:19
VLAI?
Summary
BEA WebLogic Portal 9.2 does not properly handle when an administrator deletes entitlements for a role, which causes other role entitlements to be "inadvertently affected," which has an unknown impact.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:19:30.076Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "32857",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/32857"
},
{
"name": "23750",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23750"
},
{
"name": "22082",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22082"
},
{
"name": "1017521",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017521"
},
{
"name": "ADV-2007-0213",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0213"
},
{
"name": "BEA07-151.00",
"tags": [
"vendor-advisory",
"x_refsource_BEA",
"x_transferred"
],
"url": "http://dev2dev.bea.com/pub/advisory/218"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-01-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "BEA WebLogic Portal 9.2 does not properly handle when an administrator deletes entitlements for a role, which causes other role entitlements to be \"inadvertently affected,\" which has an unknown impact."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-01-30T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "32857",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/32857"
},
{
"name": "23750",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23750"
},
{
"name": "22082",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22082"
},
{
"name": "1017521",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017521"
},
{
"name": "ADV-2007-0213",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0213"
},
{
"name": "BEA07-151.00",
"tags": [
"vendor-advisory",
"x_refsource_BEA"
],
"url": "http://dev2dev.bea.com/pub/advisory/218"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0423",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BEA WebLogic Portal 9.2 does not properly handle when an administrator deletes entitlements for a role, which causes other role entitlements to be \"inadvertently affected,\" which has an unknown impact."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "32857",
"refsource": "OSVDB",
"url": "http://osvdb.org/32857"
},
{
"name": "23750",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23750"
},
{
"name": "22082",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22082"
},
{
"name": "1017521",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017521"
},
{
"name": "ADV-2007-0213",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0213"
},
{
"name": "BEA07-151.00",
"refsource": "BEA",
"url": "http://dev2dev.bea.com/pub/advisory/218"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-0423",
"datePublished": "2007-01-23T00:00:00",
"dateReserved": "2007-01-22T00:00:00",
"dateUpdated": "2024-08-07T12:19:30.076Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-1358 (GCVE-0-2006-1358)
Vulnerability from nvd – Published: 2006-03-22 02:00 – Updated: 2024-08-07 17:12
VLAI?
Summary
Unspecified vulnerability in BEA WebLogic Portal 8.1 up to SP5 causes a JSR-168 Portlet to be retrieved from the cache for the wrong session, which might allow one user to see a Portlet of another user.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:12:20.691Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2006-1022",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1022"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "ftp://ftpna.beasys.com/pub/releases/security/patch_CR259534_81SP5.zip"
},
{
"name": "BEA06-122.00",
"tags": [
"vendor-advisory",
"x_refsource_BEA",
"x_transferred"
],
"url": "http://dev2dev.bea.com/pub/advisory/182"
},
{
"name": "19308",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19308"
},
{
"name": "17164",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17164"
},
{
"name": "1015791",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015791"
},
{
"name": "weblogic-portal-portlet-disclosure(25345)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25345"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-03-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in BEA WebLogic Portal 8.1 up to SP5 causes a JSR-168 Portlet to be retrieved from the cache for the wrong session, which might allow one user to see a Portlet of another user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2006-1022",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1022"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "ftp://ftpna.beasys.com/pub/releases/security/patch_CR259534_81SP5.zip"
},
{
"name": "BEA06-122.00",
"tags": [
"vendor-advisory",
"x_refsource_BEA"
],
"url": "http://dev2dev.bea.com/pub/advisory/182"
},
{
"name": "19308",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19308"
},
{
"name": "17164",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17164"
},
{
"name": "1015791",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015791"
},
{
"name": "weblogic-portal-portlet-disclosure(25345)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25345"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1358",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in BEA WebLogic Portal 8.1 up to SP5 causes a JSR-168 Portlet to be retrieved from the cache for the wrong session, which might allow one user to see a Portlet of another user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-1022",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1022"
},
{
"name": "ftp://ftpna.beasys.com/pub/releases/security/patch_CR259534_81SP5.zip",
"refsource": "MISC",
"url": "ftp://ftpna.beasys.com/pub/releases/security/patch_CR259534_81SP5.zip"
},
{
"name": "BEA06-122.00",
"refsource": "BEA",
"url": "http://dev2dev.bea.com/pub/advisory/182"
},
{
"name": "19308",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19308"
},
{
"name": "17164",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17164"
},
{
"name": "1015791",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015791"
},
{
"name": "weblogic-portal-portlet-disclosure(25345)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25345"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-1358",
"datePublished": "2006-03-22T02:00:00",
"dateReserved": "2006-03-21T00:00:00",
"dateUpdated": "2024-08-07T17:12:20.691Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}