CVE-2007-2702
https://notcve.org/view.php?id=CVE-2007-2702
Cross-site scripting (XSS) vulnerability in the GroupSpace application in BEA WebLogic Portal 9.2 GA allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to the rich text editor.
• http://dev2dev.bea.com/pub/advisory/235
• http://osvdb.org/36066
• http://secunia.com/advisories/25284
• http://www.securitytracker.com/id?1018060
• http://www.vupen.com/english/advisories/2007/1815
• https://exchange.xforce.ibmcloud.com/vulnerabilities/34283
CVE-2007-2703
https://notcve.org/view.php?id=CVE-2007-2703
BEA WebLogic Portal 9.2 GA can corrupt a visitor entitlements role if an administrator provides a long role description, which might allow remote authenticated users to access privileged resources.
• http://dev2dev.bea.com/pub/advisory/236
• http://osvdb.org/36065
• http://secunia.com/advisories/25284
• http://www.securitytracker.com/id?1018060
• http://www.vupen.com/english/advisories/2007/1815
• https://exchange.xforce.ibmcloud.com/vulnerabilities/34285
CVE-2007-0423
https://notcve.org/view.php?id=CVE-2007-0423
BEA WebLogic Portal 9.2 does not properly handle the case in which an administrator deletes entitlements for a role, which causes other role entitlements to be "inadvertently affected," with unknown impact.
• http://dev2dev.bea.com/pub/advisory/218
• http://osvdb.org/32857
• http://secunia.com/advisories/23750
• http://securitytracker.com/id?1017521
• http://www.securityfocus.com/bid/22082
• http://www.vupen.com/english/advisories/2007/0213
CVE-2007-0426
https://notcve.org/view.php?id=CVE-2007-0426
BEA WebLogic Portal 9.2, when running in a WebLogic Server clustered environment using WebLogic Portal entitlements, does not properly propagate entitlement policy changes if the changes are made on a managed server while the Administrative Server is unavailable, which might allow attackers to bypass intended restrictions.
• http://dev2dev.bea.com/pub/advisory/223
• http://osvdb.org/32854
• http://osvdb.org/38516
• http://secunia.com/advisories/23750
• http://securitytracker.com/id?1017521
• http://www.securityfocus.com/bid/22082
• http://www.vupen.com/english/advisories/2007/0213
CVE-2006-1358
https://notcve.org/view.php?id=CVE-2006-1358
Unspecified vulnerability in BEA WebLogic Portal 8.1 up to SP5 causes a JSR-168 Portlet to be retrieved from the cache for the wrong session, which might allow one user to see a Portlet of another user.
• ftp://ftpna.beasys.com/pub/releases/security/patch_CR259534_81SP5.zip
• http://dev2dev.bea.com/pub/advisory/182
• http://secunia.com/advisories/19308
• http://securitytracker.com/id?1015791
• http://www.securityfocus.com/bid/17164
• http://www.vupen.com/english/advisories/2006/1022
• https://exchange.xforce.ibmcloud.com/vulnerabilities/25345