CVE-2008-0896 — Systems Weblogic Portal vulnerability

CWE-2643 documents3 sources

Severity

4.9MEDIUMNVD

EPSS

0.3%

top 47.88%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

BEA Systems Weblogic Portal

Timeline

PublishedFeb 22

Latest updateMay 1

Description

BEA WebLogic Portal 10.0 and 9.2 through MP1, when an administrator deletes a single instance of a content portlet, removes entitlement policies for other content portlets, which allows attackers to bypass intended access restrictions.

CVSS vector

AV:N/AC:M/C:P/I:P/A:NExploitability: 6.8 | Impact: 4.9

Affected Packages1 packages

▶NVDbea_systems/weblogic_portal10.0, 9.2+1

Patches

Patch: dev2dev.bea.com ↗Patch: dev2dev.bea.com ↗

🔴Vulnerability Details

GHSA

GHSA-f44m-72vx-4m92: BEA WebLogic Portal 10↗2022-05-01

▶

CVEList

CVE-2008-0896: BEA WebLogic Portal 10↗2008-02-22

▶