CVE-2008-0865
https://notcve.org/view.php?id=CVE-2008-0865
Unspecified vulnerability in BEA WebLogic Portal 8.1 through SP6 allows remote attackers to bypass entitlements for instances of a floatable WLP portlet via unknown vectors.
• http://dev2dev.bea.com/pub/advisory/257
• http://secunia.com/advisories/29041
• http://www.securitytracker.com/id?1019451
• http://www.vupen.com/english/advisories/2008/0613
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2008-0870
https://notcve.org/view.php?id=CVE-2008-0870
BEA WebLogic Portal 10.0 and 9.2 through Maintenance Pack 2, under certain circumstances, can redirect a user from the https:// URI for the Portal Administration Console to an http URI, which allows remote attackers to sniff the session.
• http://dev2dev.bea.com/pub/advisory/264
• http://secunia.com/advisories/29041
• http://www.securitytracker.com/id?1019442
• http://www.vupen.com/english/advisories/2008/0613
• CWE-59: Improper Link Resolution Before File Access ('Link Following')