CVE-2007-2703
https://notcve.org/view.php?id=CVE-2007-2703
BEA WebLogic Portal 9.2 GA can corrupt a visitor entitlements role if an administrator provides a long role description, which might allow remote authenticated users to access privileged resources. BEA WebLogic Portal 9.2 GA puede corromper los derechos del rol de visitante si un administrador proporciona una descripción larga del rol, lo cual puede permitir a usuarios remotos autenticados acceder a recursos privilegiados. • http://dev2dev.bea.com/pub/advisory/236 http://osvdb.org/36065 http://secunia.com/advisories/25284 http://www.securitytracker.com/id?1018060 http://www.vupen.com/english/advisories/2007/1815 https://exchange.xforce.ibmcloud.com/vulnerabilities/34285 •
CVE-2007-0423
https://notcve.org/view.php?id=CVE-2007-0423
BEA WebLogic Portal 9.2 does not properly handle when an administrator deletes entitlements for a role, which causes other role entitlements to be "inadvertently affected," which has an unknown impact. BEA WebLogic Portal 9.2 no maneja adecuadamente cuando un administrador borra derechos de un rol, lo que provoca que otros derechos de ese rol sean "afectados inadvertidamente", lo cual tiene un impacto desconocido. • http://dev2dev.bea.com/pub/advisory/218 http://osvdb.org/32857 http://secunia.com/advisories/23750 http://securitytracker.com/id?1017521 http://www.securityfocus.com/bid/22082 http://www.vupen.com/english/advisories/2007/0213 •
CVE-2007-0426
https://notcve.org/view.php?id=CVE-2007-0426
BEA WebLogic Portal 9.2, when running in a WebLogic Server clustered environment using WebLogic Portal entitlements, does not properly propagate entitlement policy changes if the changes are made on a managed server while the Administrative Server is unavailable, which might allow attackers to bypass intended restrictions. BEA WebLogic Portal 9.2, cuando se ejecuta en un entorno de clúster de Servidores WebLogic utilizando derechos de Portal WebLogic, no propaga adecuadamente los cambios de políticas de derechos si los cambios se hacen en un servidor gestionado mientras que el Servidor Administrativo no se encuentra disponible, lo cual podría permitir a atacantes evitar restricciones pretendidas. • http://dev2dev.bea.com/pub/advisory/223 http://osvdb.org/32854 http://osvdb.org/38516 http://secunia.com/advisories/23750 http://securitytracker.com/id?1017521 http://www.securityfocus.com/bid/22082 http://www.vupen.com/english/advisories/2007/0213 •