CVE-2006-1358 — Oracle Weblogic Portal vulnerability

4 documents4 sources

Severity

5.0MEDIUMNVD

EPSS

0.5%

top 32.70%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle Weblogic Portal

Timeline

PublishedMar 22

Latest updateMay 3

Description

Unspecified vulnerability in BEA WebLogic Portal 8.1 up to SP5 causes a JSR-168 Portlet to be retrieved from the cache for the wrong session, which might allow one user to see a Portlet of another user.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDoracle/weblogic_portal8.1

Patches

Patch: ftpna.beasys.com ↗Patch: dev2dev.bea.com ↗Patch: secunia.com ↗

🔴Vulnerability Details

GHSA

GHSA-gxxr-jv9h-5q3v: Unspecified vulnerability in BEA WebLogic Portal 8↗2022-05-03

▶

CVEList

CVE-2006-1358: Unspecified vulnerability in BEA WebLogic Portal 8↗2006-03-22

▶

💬Community

Bugzilla

A number of tomcat issues↗2007-05-09

▶