PT-2008-2482 · Bea · Bea Weblogic Portal
Published
2008-02-21
·
Updated
2018-10-30
·
CVE-2008-0864
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
BEA WebLogic Portal versions 8.1 SP3 through 8.1 SP6
Description
The issue allows remote attackers to bypass intended access restrictions due to inadvertently removed entitlements for pages when an administrator edits the page definition label.
Recommendations
For BEA WebLogic Portal versions 8.1 SP3 through 8.1 SP6, consider restricting access to page definition editing until a fix is available to prevent unintended removal of entitlements.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Bea Weblogic Portal