MEDIUM · 5.0

CVE-2008-0864


Vulnerability Description

Admin Tools in BEA WebLogic Portal 8.1 SP3 through SP6 can inadvertently remove entitlements for pages when an administrator edits the page definition label, which might allow remote attackers to bypass intended access restrictions.

CVSS Score

5.0 (MEDIUM)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE

Affected Products

Vendor | Product | Versions
Bea Systems | Weblogic Portal | 8.1_sp6
Oracle | Weblogic Portal | 8.1

Related Weaknesses (CWE)

References

FAQ

What is CVE-2008-0864?

CVE-2008-0864 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Admin Tools in BEA WebLogic Portal 8.1 SP3 through SP6 can inadvertently remove entitlements for pages when an administrator edits the page definition label, which might allow remote attackers to bypass intended access restrictions.

How severe is CVE-2008-0864?

CVE-2008-0864 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for a detailed severity breakdown.

Is there a patch for CVE-2008-0864?

Check the references section above for vendor advisories and patch information. Affected products include: Bea Systems Weblogic Portal, Oracle Weblogic Portal.