CVE-2008-0864

Admin Tools in BEA WebLogic Portal 8.1 SP3 through SP6 can inadvertently remove entitlements for pages when an administrator edits the page definition label, which might allow remote attackers to bypass intended access restrictions.

Published: Feb 21, 2008
Updated: Apr 13, 2023
CVE: CVE-2008-0864
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-264

Affected Software
References

Software	From	Fixed in
bea_systems / weblogic_portal	8.1_sp6	8.1_sp6.x
oracle / weblogic_portal	8.1-sp3	8.1-sp3.x
oracle / weblogic_portal	8.1-sp4	8.1-sp4.x
oracle / weblogic_portal	8.1-sp5	8.1-sp5.x

http://dev2dev.bea.com/pub/advisory/256
http://secunia.com/advisories/29041
http://www.securitytracker.com/id?1019454
http://www.vupen.com/english/advisories/2008/0613

Vulnerability Database

289,599

CVE-2008-0864