CVE-2008-0864

Admin Tools in BEA WebLogic Portal 8.1 SP3 through SP6 can inadvertently remove entitlements for pages when an administrator edits the page definition label, which might allow remote attackers to bypass intended access restrictions.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 58%
VendorProductVersion
bea_systemsweblogic_portal
8.1_sp6:_sp6
oracleweblogic_portal
8.1:sp3
oracleweblogic_portal
8.1:sp4
oracleweblogic_portal
8.1:sp5
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://dev2dev.bea.com/pub/advisory/256
http://secunia.com/advisories/29041
http://www.securitytracker.com/id?1019454
http://www.vupen.com/english/advisories/2008/0613
http://dev2dev.bea.com/pub/advisory/256
http://secunia.com/advisories/29041
http://www.securitytracker.com/id?1019454
http://www.vupen.com/english/advisories/2008/0613