Lucene search

[email protected]CVE-2008-0864

HistoryFeb 21, 2008 - 1:44 a.m.

CVE-2008-0864

2008-02-2101:44:00

CWE-264

[email protected]

web.nvd.nist.gov

cve-2008-0864

bea weblogic portal

admin tools

entitlements

remote attackers

access restrictions

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.7 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

68.0%

JSON

Admin Tools in BEA WebLogic Portal 8.1 SP3 through SP6 can inadvertently remove entitlements for pages when an administrator edits the page definition label, which might allow remote attackers to bypass intended access restrictions.

Affected configurations

NVD

Node

bea_systemsweblogic_portalMatch8.1_sp6

oracleweblogic_portalMatch8.1sp3

oracleweblogic_portalMatch8.1sp4

oracleweblogic_portalMatch8.1sp5

CPENameOperatorVersion
bea_systems:weblogic_portalbea systems weblogic portaleq8.1_sp6
oracle:weblogic_portaloracle weblogic portaleq8.1

CPE	Name	Operator	Version
bea_systems:weblogic_portal	bea systems weblogic portal	eq	8.1_sp6
oracle:weblogic_portal	oracle weblogic portal	eq	8.1

References

dev2dev.bea.com/pub/advisory/256

secunia.com/advisories/29041

www.securitytracker.com/id?1019454

www.vupen.com/english/advisories/2008/0613

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.7 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

68.0%

JSON

Related for CVE-2008-0864

prion1 cvelist1 nvd1