PT-2007-1897 · Bea · Bea Weblogic Portal+1

Published

2007-01-23

·

Updated

2018-10-30

·

CVE-2007-0426

CVSS v2.0

6.8

Medium

Vector AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions

BEA WebLogic Portal version 9.2

Description

The issue arises when BEA WebLogic Portal 9.2 runs in a WebLogic Server clustered environment and uses WebLogic Portal entitlements. If entitlement policy changes are made on a managed server while the Administrative Server is unavailable, the changes are not propagated to the rest of the cluster. A request served by a node that never received the change is evaluated against the old policy, which can let an attacker bypass the intended restrictions.

Recommendations

For BEA WebLogic Portal version 9.2, make entitlement policy changes only while the Administrative Server is available, so that they are propagated across the clustered environment. As a temporary workaround, restrict changes to entitlement policies until the Administrative Server is available. After any period in which the Administrative Server was unavailable, verify that the entitlement policies on every managed server match the Administrative Server's copy before relying on them.
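The propagation failure described above, as a constructed Python model added to this record (it is not WebLogic code and calls no WebLogic API): an AdminServer is the only path that pushes an entitlement change to every ManagedServer, `local_change` reproduces the vulnerable behaviour of a node accepting a change that the unavailable Administrative Server cannot distribute, `guarded_change` implements the workaround of refusing changes while the Administrative Server is down, and `drifted_nodes` is the consistency check to run after an outage. All class, function, role and resource names are assumptions for illustration.

```python
"""Constructed model of CVE-2007-0426's failure mode (not WebLogic code).

An entitlement policy maps a resource to the set of roles allowed on it.
The Administrative Server is the distribution point: a change is
cluster-wide only once the admin server has accepted it and pushed it to
every managed server. A change applied on one managed server while the
admin server is unavailable stays local to that node.
"""
import copy
import hashlib
import json
from typing import Dict, List, Set

Policy = Dict[str, Set[str]]  # resource -> roles entitled to it


def policy_digest(policy: Policy) -> str:
    """Canonical digest so policy copies on different nodes can be compared."""
    canon = json.dumps({r: sorted(v) for r, v in sorted(policy.items())})
    return hashlib.sha256(canon.encode()).hexdigest()


class AdminServer:
    """Distribution point for entitlement policy in the modelled cluster."""

    def __init__(self, policy: Policy) -> None:
        self.policy: Policy = copy.deepcopy(policy)
        self.available = True
        self.managed: List["ManagedServer"] = []

    def register(self, node: "ManagedServer") -> None:
        self.managed.append(node)
        node.policy = copy.deepcopy(self.policy)

    def apply_change(self, resource: str, roles: Set[str]) -> None:
        """The only path that yields a consistent, cluster-wide change."""
        if not self.available:
            raise ConnectionError("Administrative Server unavailable")
        self.policy[resource] = set(roles)
        for node in self.managed:
            node.policy = copy.deepcopy(self.policy)

    def digest(self) -> str:
        return policy_digest(self.policy)


class ManagedServer:
    """A managed server enforcing whatever policy copy it currently holds."""

    def __init__(self, name: str, admin: AdminServer) -> None:
        self.name = name
        self.admin = admin
        self.policy: Policy = {}
        admin.register(self)

    def local_change(self, resource: str, roles: Set[str]) -> None:
        # Vulnerable behaviour: the change is accepted on this node alone and
        # never reaches the admin server or the other managed servers.
        self.policy[resource] = set(roles)

    def is_entitled(self, resource: str, role: str) -> bool:
        return role in self.policy.get(resource, set())

    def digest(self) -> str:
        return policy_digest(self.policy)


def guarded_change(node: ManagedServer, resource: str, roles: Set[str]) -> bool:
    """Workaround: route every change through an available admin server and
    refuse it otherwise, rather than leaving a node-local change behind."""
    if not node.admin.available:
        return False
    node.admin.apply_change(resource, roles)
    return True


def drifted_nodes(admin: AdminServer) -> List[str]:
    """Post-outage check: nodes whose policy differs from the admin copy."""
    ref = admin.digest()
    return [n.name for n in admin.managed if n.digest() != ref]


def simulate(use_guard: bool) -> Dict[str, object]:
    """Restrict a resource on ms1 during an admin outage, with or without
    the guard, and report what each node then enforces."""
    resource = "/portal/hr/reports"  # assumed resource name
    admin = AdminServer({resource: {"PortalAdmin", "Employee"}})
    ms1 = ManagedServer("ms1", admin)
    ms2 = ManagedServer("ms2", admin)

    admin.available = False  # Administrative Server goes down
    if use_guard:
        accepted = guarded_change(ms1, resource, {"PortalAdmin"})
    else:
        ms1.local_change(resource, {"PortalAdmin"})  # change lands on ms1 only
        accepted = True
    admin.available = True

    return {
        "change_accepted": accepted,
        "ms1_allows_employee": ms1.is_entitled(resource, "Employee"),
        "ms2_allows_employee": ms2.is_entitled(resource, "Employee"),
        "drifted": drifted_nodes(admin),
    }


if __name__ == "__main__":
    print("unguarded:", simulate(False))
    print("guarded:  ", simulate(True))
```

In the unguarded run the Employee role is denied on ms1 but still allowed on ms2, and `drifted_nodes` flags ms1 as holding a policy the Administrative Server never saw; in the guarded run the change is refused, both nodes stay consistent, and the restriction can be applied through `guarded_change` once the admin server is back.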

Fix


Related Identifiers

CVE-2007-0426

Affected Products

Bea Weblogic Portal
Oracle Weblogic Server