CVE-2008-0864
Severity Score
5.0
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Admin Tools in BEA WebLogic Portal 8.1 SP3 through SP6 can inadvertently remove entitlements for pages when an administrator edits the page definition label, which might allow remote attackers to bypass intended access restrictions.
Admin Tools en BEA WebLogic Portal 8.1 SP3 al SP6, involuntariamente puede eliminar los derechos para páginas cuando un administrador edita la etiqueta de definición de página, que podría permitir a atacantes remotos evitar las restricciones de acceso planeadas.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2008-02-20 CVE Reserved
- 2008-02-21 CVE Published
- 2024-08-07 CVE Updated
- 2024-11-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| http://secunia.com/advisories/29041 | Third Party Advisory | |
| http://www.securitytracker.com/id?1019454 | Vdb Entry | |
| http://www.vupen.com/english/advisories/2008/0613 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://dev2dev.bea.com/pub/advisory/256 | 2018-10-30 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Bea Systems Search vendor "Bea Systems" | Weblogic Portal Search vendor "Bea Systems" for product "Weblogic Portal" | 8.1_sp6 Search vendor "Bea Systems" for product "Weblogic Portal" and version "8.1_sp6" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Weblogic Portal Search vendor "Oracle" for product "Weblogic Portal" | 8.1 Search vendor "Oracle" for product "Weblogic Portal" and version "8.1" | sp3 |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Weblogic Portal Search vendor "Oracle" for product "Weblogic Portal" | 8.1 Search vendor "Oracle" for product "Weblogic Portal" and version "8.1" | sp4 |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Weblogic Portal Search vendor "Oracle" for product "Weblogic Portal" | 8.1 Search vendor "Oracle" for product "Weblogic Portal" and version "8.1" | sp5 |
Affected
| ||||||