CVE-2007-2703 — Oracle Weblogic Portal vulnerability

3 documents3 sources

Severity

3.6LOWNVD

EPSS

0.5%

top 32.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle Weblogic Portal

Timeline

PublishedMay 16

Latest updateMay 1

Description

BEA WebLogic Portal 9.2 GA can corrupt a visitor entitlements role if an administrator provides a long role description, which might allow remote authenticated users to access privileged resources.

CVSS vector

AV:N/AC:H/C:P/I:P/A:NExploitability: 3.9 | Impact: 4.9

Affected Packages1 packages

▶NVDoracle/weblogic_portal9.2

Patches

Patch: dev2dev.bea.com ↗Patch: dev2dev.bea.com ↗

🔴Vulnerability Details

GHSA

GHSA-8328-r6wp-frw2: BEA WebLogic Portal 9↗2022-05-01

▶

CVEList

CVE-2007-2703: BEA WebLogic Portal 9↗2007-05-16

▶