CVE-2008-0896

BEA WebLogic Portal 10.0 and 9.2 through MP1, when an administrator deletes a single instance of a content portlet, removes entitlement policies for other content portlets, which allows attackers to bypass intended access restrictions.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:bea_systems:weblogic_portal:9.2:mp1:*:*:*:*:*:*
cpe:2.3:a:bea_systems:weblogic_portal:10.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2008-02-22 21:44

Updated : 2023-12-10 10:40


NVD link : CVE-2008-0896

Mitre link : CVE-2008-0896

CVE.ORG link : CVE-2008-0896


JSON object : View

Products Affected

bea_systems

  • weblogic_portal
CWE
CWE-264

Permissions, Privileges, and Access Controls