7 results (0.013 seconds)

CVSS: 5.0EPSS: 1%CPEs: 4EXPL: 0

Admin Tools in BEA WebLogic Portal 8.1 SP3 through SP6 can inadvertently remove entitlements for pages when an administrator edits the page definition label, which might allow remote attackers to bypass intended access restrictions. Admin Tools en BEA WebLogic Portal 8.1 SP3 al SP6, involuntariamente puede eliminar los derechos para páginas cuando un administrador edita la etiqueta de definición de página, que podría permitir a atacantes remotos evitar las restricciones de acceso planeadas. • http://dev2dev.bea.com/pub/advisory/256 http://secunia.com/advisories/29041 http://www.securitytracker.com/id?1019454 http://www.vupen.com/english/advisories/2008/0613 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.0EPSS: 1%CPEs: 7EXPL: 0

Unspecified vulnerability in BEA WebLogic Portal 8.1 through SP6 allows remote attackers to bypass entitlements for instances of a floatable WLP portlet via unknown vectors. Vulnerabilidad no especificada en BEA WebLogic Portal 8.1 hasta SP6 permite a atacantes remotos evitar los derechos para las instancias de un portlet WLP flotable mediante vectores desconocidos. • http://dev2dev.bea.com/pub/advisory/257 http://secunia.com/advisories/29041 http://www.securitytracker.com/id?1019451 http://www.vupen.com/english/advisories/2008/0613 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.0EPSS: 1%CPEs: 6EXPL: 0

Unspecified vulnerability in BEA WebLogic Portal 8.1 up to SP5 causes a JSR-168 Portlet to be retrieved from the cache for the wrong session, which might allow one user to see a Portlet of another user. • ftp://ftpna.beasys.com/pub/releases/security/patch_CR259534_81SP5.zip http://dev2dev.bea.com/pub/advisory/182 http://secunia.com/advisories/19308 http://securitytracker.com/id?1015791 http://www.securityfocus.com/bid/17164 http://www.vupen.com/english/advisories/2006/1022 https://exchange.xforce.ibmcloud.com/vulnerabilities/25345 •

CVSS: 7.5EPSS: 2%CPEs: 3EXPL: 0

Unspecified vulnerability in BEA WebLogic Portal 8.1 SP3 through SP5, when using Web Services Remote Portlets (WSRP), allows remote attackers to access restricted web resources via crafted URLs. • http://dev2dev.bea.com/pub/advisory/172 http://secunia.com/advisories/18593 http://securitytracker.com/id?1015528 http://www.osvdb.org/22767 http://www.securityfocus.com/bid/16358 http://www.vupen.com/english/advisories/2006/0312 https://exchange.xforce.ibmcloud.com/vulnerabilities/24293 •

CVSS: 5.0EPSS: 1%CPEs: 4EXPL: 0

BEA WebLogic Portal 8.1 through SP4 allows remote attackers to obtain the source for a deployment descriptor file via unknown vectors. • http://dev2dev.bea.com/pub/advisory/169 http://secunia.com/advisories/18593 http://securitytracker.com/id?1015528 http://www.securityfocus.com/bid/16358 http://www.vupen.com/english/advisories/2006/0312 https://exchange.xforce.ibmcloud.com/vulnerabilities/24297 •