Lucene search

[email protected]CVE-2008-0864

HistoryFeb 21, 2008 - 1:44 a.m.

CVE-2008-0864

2008-02-2101:44:00

CWE-264

[email protected]

web.nvd.nist.gov

cve-2008-0864

bea weblogic portal

admin tools

entitlements

remote attackers

access restrictions

7.6 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

69.2%

JSON

Admin Tools in BEA WebLogic Portal 8.1 SP3 through SP6 can inadvertently remove entitlements for pages when an administrator edits the page definition label, which might allow remote attackers to bypass intended access restrictions.

CPENameOperatorVersion
bea_systems:weblogic_portalbea systems weblogic portaleq8.1_sp6
oracle:weblogic_portaloracle weblogic portaleq8.1

CPE	Name	Operator	Version
bea_systems:weblogic_portal	bea systems weblogic portal	eq	8.1_sp6
oracle:weblogic_portal	oracle weblogic portal	eq	8.1

References

dev2dev.bea.com/pub/advisory/256

secunia.com/advisories/29041

www.securitytracker.com/id?1019454

www.vupen.com/english/advisories/2008/0613

7.6 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

69.2%

JSON

Related for CVE-2008-0864

prion1 cvelist1