Vulnerability in Bea_systems Weblogic_portal
CVE-2008-0896
BEA WebLogic Portal 10.0 and 9.2 through MP1, when an administrator deletes a single instance of a content portlet, removes entitlement policies for other content portlets, which allows attackers to bypass intended access restrictions.
EPSS: 0.008 (51.8th percentile) — read the EPSS interpretation.
Affected products
- Bea_systems Weblogic_portal — versions 9.2, 10.0
- N/a — versions n/a
Weakness classification (CWE)
References
- cve@mitre.org (vendor-advisory, x_refsource_BEA, Patch)
- cve@mitre.org (vdb-entry, x_refsource_VUPEN)
- cve@mitre.org (vdb-entry, x_refsource_SECTRACK)
- cve@mitre.org (x_refsource_SECUNIA, third-party-advisory)