BEA WebLogic Portal 10.0 and 9.2 through MP1, when an administrator deletes a single instance of a content portlet, removes entitlement policies for other content portlets, which allows attackers to bypass intended access restrictions.

| Software | From | Fixed in |
|---|---|---|
| bea_systems / weblogic_portal | 10.0 | 10.0.x |
| bea_systems / weblogic_portal | 9.2-mp1 | 9.2-mp1.x |