Search

Find a vulnerability

Search criteria

    42 vulnerabilities found for weblogic_portal by oracle

    CVE-2008-0865 (GCVE-0-2008-0865)

    Vulnerability from nvd – Published: 2008-02-21 01:00 – Updated: 2024-08-07 08:01
    VLAI
    Summary
    Unspecified vulnerability in BEA WebLogic Portal 8.1 through SP6 allows remote attackers to bypass entitlements for instances of a floatable WLP portlet via unknown vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://dev2dev.bea.com/pub/advisory/257 vendor-advisoryx_refsource_BEA
    http://www.vupen.com/english/advisories/2008/0613 vdb-entryx_refsource_VUPEN
    http://secunia.com/advisories/29041 third-party-advisoryx_refsource_SECUNIA
    http://www.securitytracker.com/id?1019451 vdb-entryx_refsource_SECTRACK
    Date Public
    2008-02-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:01:40.095Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "BEA08-184.00",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_BEA",
                  "x_transferred"
                ],
                "url": "http://dev2dev.bea.com/pub/advisory/257"
              },
              {
                "name": "ADV-2008-0613",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/0613"
              },
              {
                "name": "29041",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29041"
              },
              {
                "name": "1019451",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1019451"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-02-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in BEA WebLogic Portal 8.1 through SP6 allows remote attackers to bypass entitlements for instances of a floatable WLP portlet via unknown vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2008-03-05T10:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "BEA08-184.00",
              "tags": [
                "vendor-advisory",
                "x_refsource_BEA"
              ],
              "url": "http://dev2dev.bea.com/pub/advisory/257"
            },
            {
              "name": "ADV-2008-0613",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/0613"
            },
            {
              "name": "29041",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29041"
            },
            {
              "name": "1019451",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1019451"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-0865",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unspecified vulnerability in BEA WebLogic Portal 8.1 through SP6 allows remote attackers to bypass entitlements for instances of a floatable WLP portlet via unknown vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "BEA08-184.00",
                  "refsource": "BEA",
                  "url": "http://dev2dev.bea.com/pub/advisory/257"
                },
                {
                  "name": "ADV-2008-0613",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/0613"
                },
                {
                  "name": "29041",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29041"
                },
                {
                  "name": "1019451",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1019451"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-0865",
        "datePublished": "2008-02-21T01:00:00.000Z",
        "dateReserved": "2008-02-20T00:00:00.000Z",
        "dateUpdated": "2024-08-07T08:01:40.095Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-0868 (GCVE-0-2008-0868)

    Vulnerability from nvd – Published: 2008-02-21 01:00 – Updated: 2024-08-07 08:01
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in Groupspace in BEA WebLogic Portal 10.0 and 9.2 through Maintenance Pack 1 allows remote authenticated users to inject arbitrary web script or HTML via unknown vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securitytracker.com/id?1019452 vdb-entryx_refsource_SECTRACK
    http://www.vupen.com/english/advisories/2008/0613 vdb-entryx_refsource_VUPEN
    http://secunia.com/advisories/29041 third-party-advisoryx_refsource_SECUNIA
    http://dev2dev.bea.com/pub/advisory/261 vendor-advisoryx_refsource_BEA
    Date Public
    2008-02-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:01:39.768Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1019452",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1019452"
              },
              {
                "name": "ADV-2008-0613",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/0613"
              },
              {
                "name": "29041",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29041"
              },
              {
                "name": "BEA08-188.00",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_BEA",
                  "x_transferred"
                ],
                "url": "http://dev2dev.bea.com/pub/advisory/261"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-02-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in Groupspace in BEA WebLogic Portal 10.0 and 9.2 through Maintenance Pack 1 allows remote authenticated users to inject arbitrary web script or HTML via unknown vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2008-03-05T10:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "1019452",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1019452"
            },
            {
              "name": "ADV-2008-0613",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/0613"
            },
            {
              "name": "29041",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29041"
            },
            {
              "name": "BEA08-188.00",
              "tags": [
                "vendor-advisory",
                "x_refsource_BEA"
              ],
              "url": "http://dev2dev.bea.com/pub/advisory/261"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-0868",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in Groupspace in BEA WebLogic Portal 10.0 and 9.2 through Maintenance Pack 1 allows remote authenticated users to inject arbitrary web script or HTML via unknown vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1019452",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1019452"
                },
                {
                  "name": "ADV-2008-0613",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/0613"
                },
                {
                  "name": "29041",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29041"
                },
                {
                  "name": "BEA08-188.00",
                  "refsource": "BEA",
                  "url": "http://dev2dev.bea.com/pub/advisory/261"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-0868",
        "datePublished": "2008-02-21T01:00:00.000Z",
        "dateReserved": "2008-02-20T00:00:00.000Z",
        "dateUpdated": "2024-08-07T08:01:39.768Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-0870 (GCVE-0-2008-0870)

    Vulnerability from nvd – Published: 2008-02-21 01:00 – Updated: 2024-08-07 08:01
    VLAI
    Summary
    BEA WebLogic Portal 10.0 and 9.2 through Maintenance Pack 2, under certain circumstances, can redirect a user from the https:// URI for the Portal Administration Console to an http URI, which allows remote attackers to sniff the session.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.vupen.com/english/advisories/2008/0613 vdb-entryx_refsource_VUPEN
    http://dev2dev.bea.com/pub/advisory/264 vendor-advisoryx_refsource_BEA
    http://secunia.com/advisories/29041 third-party-advisoryx_refsource_SECUNIA
    http://www.securitytracker.com/id?1019442 vdb-entryx_refsource_SECTRACK
    Date Public
    2008-02-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:01:40.034Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ADV-2008-0613",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/0613"
              },
              {
                "name": "BEA08-190.00",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_BEA",
                  "x_transferred"
                ],
                "url": "http://dev2dev.bea.com/pub/advisory/264"
              },
              {
                "name": "29041",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29041"
              },
              {
                "name": "1019442",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1019442"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-02-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "BEA WebLogic Portal 10.0 and 9.2 through Maintenance Pack 2, under certain circumstances, can redirect a user from the https:// URI for the Portal Administration Console to an http URI, which allows remote attackers to sniff the session."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2008-03-05T10:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "ADV-2008-0613",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/0613"
            },
            {
              "name": "BEA08-190.00",
              "tags": [
                "vendor-advisory",
                "x_refsource_BEA"
              ],
              "url": "http://dev2dev.bea.com/pub/advisory/264"
            },
            {
              "name": "29041",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29041"
            },
            {
              "name": "1019442",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1019442"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-0870",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "BEA WebLogic Portal 10.0 and 9.2 through Maintenance Pack 2, under certain circumstances, can redirect a user from the https:// URI for the Portal Administration Console to an http URI, which allows remote attackers to sniff the session."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "ADV-2008-0613",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/0613"
                },
                {
                  "name": "BEA08-190.00",
                  "refsource": "BEA",
                  "url": "http://dev2dev.bea.com/pub/advisory/264"
                },
                {
                  "name": "29041",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29041"
                },
                {
                  "name": "1019442",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1019442"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-0870",
        "datePublished": "2008-02-21T01:00:00.000Z",
        "dateReserved": "2008-02-20T00:00:00.000Z",
        "dateUpdated": "2024-08-07T08:01:40.034Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-0864 (GCVE-0-2008-0864)

    Vulnerability from nvd – Published: 2008-02-21 01:00 – Updated: 2024-08-07 08:01
    VLAI
    Summary
    Admin Tools in BEA WebLogic Portal 8.1 SP3 through SP6 can inadvertently remove entitlements for pages when an administrator edits the page definition label, which might allow remote attackers to bypass intended access restrictions.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.vupen.com/english/advisories/2008/0613 vdb-entryx_refsource_VUPEN
    http://secunia.com/advisories/29041 third-party-advisoryx_refsource_SECUNIA
    http://www.securitytracker.com/id?1019454 vdb-entryx_refsource_SECTRACK
    http://dev2dev.bea.com/pub/advisory/256 vendor-advisoryx_refsource_BEA
    Date Public
    2008-02-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:01:40.100Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ADV-2008-0613",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/0613"
              },
              {
                "name": "29041",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29041"
              },
              {
                "name": "1019454",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1019454"
              },
              {
                "name": "BEA08-183.00",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_BEA",
                  "x_transferred"
                ],
                "url": "http://dev2dev.bea.com/pub/advisory/256"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-02-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Admin Tools in BEA WebLogic Portal 8.1 SP3 through SP6 can inadvertently remove entitlements for pages when an administrator edits the page definition label, which might allow remote attackers to bypass intended access restrictions."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2008-03-05T10:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "ADV-2008-0613",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/0613"
            },
            {
              "name": "29041",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29041"
            },
            {
              "name": "1019454",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1019454"
            },
            {
              "name": "BEA08-183.00",
              "tags": [
                "vendor-advisory",
                "x_refsource_BEA"
              ],
              "url": "http://dev2dev.bea.com/pub/advisory/256"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-0864",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Admin Tools in BEA WebLogic Portal 8.1 SP3 through SP6 can inadvertently remove entitlements for pages when an administrator edits the page definition label, which might allow remote attackers to bypass intended access restrictions."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "ADV-2008-0613",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/0613"
                },
                {
                  "name": "29041",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29041"
                },
                {
                  "name": "1019454",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1019454"
                },
                {
                  "name": "BEA08-183.00",
                  "refsource": "BEA",
                  "url": "http://dev2dev.bea.com/pub/advisory/256"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-0864",
        "datePublished": "2008-02-21T01:00:00.000Z",
        "dateReserved": "2008-02-20T00:00:00.000Z",
        "dateUpdated": "2024-08-07T08:01:40.100Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-5576 (GCVE-0-2007-5576)

    Vulnerability from nvd – Published: 2007-10-18 21:00 – Updated: 2024-08-07 15:39
    VLAI
    Summary
    BEA Tuxedo 8.0 before RP392 and 8.1 before RP293, and WebLogic Enterprise 5.1 before RP174, echo the password in cleartext, which allows physically proximate attackers to obtain sensitive information via the (1) cnsbind, (2) cnsunbind, or (3) cnsls commands.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://osvdb.org/45478 vdb-entryx_refsource_OSVDB
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://dev2dev.bea.com/pub/advisory/226 vendor-advisoryx_refsource_BEA
    http://www.vupen.com/english/advisories/2007/1813 vdb-entryx_refsource_VUPEN
    Date Public
    2007-05-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T15:39:13.505Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "45478",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/45478"
              },
              {
                "name": "weblogic-tuxedo-information-disclosure(34290)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34290"
              },
              {
                "name": "BEA07-158.00",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_BEA",
                  "x_transferred"
                ],
                "url": "http://dev2dev.bea.com/pub/advisory/226"
              },
              {
                "name": "ADV-2007-1813",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/1813"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-05-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "BEA Tuxedo 8.0 before RP392 and 8.1 before RP293, and WebLogic Enterprise 5.1 before RP174, echo the password in cleartext, which allows physically proximate attackers to obtain sensitive information via the (1) cnsbind, (2) cnsunbind, or (3) cnsls commands."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "45478",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/45478"
            },
            {
              "name": "weblogic-tuxedo-information-disclosure(34290)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34290"
            },
            {
              "name": "BEA07-158.00",
              "tags": [
                "vendor-advisory",
                "x_refsource_BEA"
              ],
              "url": "http://dev2dev.bea.com/pub/advisory/226"
            },
            {
              "name": "ADV-2007-1813",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/1813"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-5576",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "BEA Tuxedo 8.0 before RP392 and 8.1 before RP293, and WebLogic Enterprise 5.1 before RP174, echo the password in cleartext, which allows physically proximate attackers to obtain sensitive information via the (1) cnsbind, (2) cnsunbind, or (3) cnsls commands."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "45478",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/45478"
                },
                {
                  "name": "weblogic-tuxedo-information-disclosure(34290)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34290"
                },
                {
                  "name": "BEA07-158.00",
                  "refsource": "BEA",
                  "url": "http://dev2dev.bea.com/pub/advisory/226"
                },
                {
                  "name": "ADV-2007-1813",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/1813"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-5576",
        "datePublished": "2007-10-18T21:00:00.000Z",
        "dateReserved": "2007-10-18T00:00:00.000Z",
        "dateUpdated": "2024-08-07T15:39:13.505Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-2703 (GCVE-0-2007-2703)

    Vulnerability from nvd – Published: 2007-05-16 01:00 – Updated: 2024-08-07 13:49
    VLAI
    Summary
    BEA WebLogic Portal 9.2 GA can corrupt a visitor entitlements role if an administrator provides a long role description, which might allow remote authenticated users to access privileged resources.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://osvdb.org/36065 vdb-entryx_refsource_OSVDB
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://secunia.com/advisories/25284 third-party-advisoryx_refsource_SECUNIA
    http://dev2dev.bea.com/pub/advisory/236 vendor-advisoryx_refsource_BEA
    http://www.securitytracker.com/id?1018060 vdb-entryx_refsource_SECTRACK
    http://www.vupen.com/english/advisories/2007/1815 vdb-entryx_refsource_VUPEN
    Date Public
    2007-05-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T13:49:57.136Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "36065",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/36065"
              },
              {
                "name": "weblogic-portal-entitlement-weak-security(34285)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34285"
              },
              {
                "name": "25284",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/25284"
              },
              {
                "name": "BEA07-167.00",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_BEA",
                  "x_transferred"
                ],
                "url": "http://dev2dev.bea.com/pub/advisory/236"
              },
              {
                "name": "1018060",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1018060"
              },
              {
                "name": "ADV-2007-1815",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/1815"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-05-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "BEA WebLogic Portal 9.2 GA can corrupt a visitor entitlements role if an administrator provides a long role description, which might allow remote authenticated users to access privileged resources."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "36065",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/36065"
            },
            {
              "name": "weblogic-portal-entitlement-weak-security(34285)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34285"
            },
            {
              "name": "25284",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/25284"
            },
            {
              "name": "BEA07-167.00",
              "tags": [
                "vendor-advisory",
                "x_refsource_BEA"
              ],
              "url": "http://dev2dev.bea.com/pub/advisory/236"
            },
            {
              "name": "1018060",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1018060"
            },
            {
              "name": "ADV-2007-1815",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/1815"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-2703",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "BEA WebLogic Portal 9.2 GA can corrupt a visitor entitlements role if an administrator provides a long role description, which might allow remote authenticated users to access privileged resources."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "36065",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/36065"
                },
                {
                  "name": "weblogic-portal-entitlement-weak-security(34285)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34285"
                },
                {
                  "name": "25284",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/25284"
                },
                {
                  "name": "BEA07-167.00",
                  "refsource": "BEA",
                  "url": "http://dev2dev.bea.com/pub/advisory/236"
                },
                {
                  "name": "1018060",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1018060"
                },
                {
                  "name": "ADV-2007-1815",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/1815"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-2703",
        "datePublished": "2007-05-16T01:00:00.000Z",
        "dateReserved": "2007-05-15T00:00:00.000Z",
        "dateUpdated": "2024-08-07T13:49:57.136Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-2702 (GCVE-0-2007-2702)

    Vulnerability from nvd – Published: 2007-05-16 01:00 – Updated: 2024-08-07 13:49
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in the GroupSpace application in BEA WebLogic Portal 9.2 GA allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to the rich text editor.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://secunia.com/advisories/25284 third-party-advisoryx_refsource_SECUNIA
    http://osvdb.org/36066 vdb-entryx_refsource_OSVDB
    http://dev2dev.bea.com/pub/advisory/235 vendor-advisoryx_refsource_BEA
    http://www.securitytracker.com/id?1018060 vdb-entryx_refsource_SECTRACK
    http://www.vupen.com/english/advisories/2007/1815 vdb-entryx_refsource_VUPEN
    Date Public
    2007-05-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T13:49:57.174Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "weblogic-portal-groupspace-xss(34283)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34283"
              },
              {
                "name": "25284",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/25284"
              },
              {
                "name": "36066",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/36066"
              },
              {
                "name": "BEA07-166.00",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_BEA",
                  "x_transferred"
                ],
                "url": "http://dev2dev.bea.com/pub/advisory/235"
              },
              {
                "name": "1018060",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1018060"
              },
              {
                "name": "ADV-2007-1815",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/1815"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-05-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in the GroupSpace application in BEA WebLogic Portal 9.2 GA allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to the rich text editor."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "weblogic-portal-groupspace-xss(34283)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34283"
            },
            {
              "name": "25284",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/25284"
            },
            {
              "name": "36066",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/36066"
            },
            {
              "name": "BEA07-166.00",
              "tags": [
                "vendor-advisory",
                "x_refsource_BEA"
              ],
              "url": "http://dev2dev.bea.com/pub/advisory/235"
            },
            {
              "name": "1018060",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1018060"
            },
            {
              "name": "ADV-2007-1815",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/1815"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-2702",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in the GroupSpace application in BEA WebLogic Portal 9.2 GA allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to the rich text editor."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "weblogic-portal-groupspace-xss(34283)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34283"
                },
                {
                  "name": "25284",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/25284"
                },
                {
                  "name": "36066",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/36066"
                },
                {
                  "name": "BEA07-166.00",
                  "refsource": "BEA",
                  "url": "http://dev2dev.bea.com/pub/advisory/235"
                },
                {
                  "name": "1018060",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1018060"
                },
                {
                  "name": "ADV-2007-1815",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/1815"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-2702",
        "datePublished": "2007-05-16T01:00:00.000Z",
        "dateReserved": "2007-05-15T00:00:00.000Z",
        "dateUpdated": "2024-08-07T13:49:57.174Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-0423 (GCVE-0-2007-0423)

    Vulnerability from nvd – Published: 2007-01-23 00:00 – Updated: 2024-08-07 12:19
    VLAI
    Summary
    BEA WebLogic Portal 9.2 does not properly handle when an administrator deletes entitlements for a role, which causes other role entitlements to be "inadvertently affected," which has an unknown impact.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://osvdb.org/32857 vdb-entryx_refsource_OSVDB
    http://secunia.com/advisories/23750 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/22082 vdb-entryx_refsource_BID
    http://securitytracker.com/id?1017521 vdb-entryx_refsource_SECTRACK
    http://www.vupen.com/english/advisories/2007/0213 vdb-entryx_refsource_VUPEN
    http://dev2dev.bea.com/pub/advisory/218 vendor-advisoryx_refsource_BEA
    Date Public
    2007-01-16 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T12:19:30.076Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "32857",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/32857"
              },
              {
                "name": "23750",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/23750"
              },
              {
                "name": "22082",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/22082"
              },
              {
                "name": "1017521",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1017521"
              },
              {
                "name": "ADV-2007-0213",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/0213"
              },
              {
                "name": "BEA07-151.00",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_BEA",
                  "x_transferred"
                ],
                "url": "http://dev2dev.bea.com/pub/advisory/218"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-01-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "BEA WebLogic Portal 9.2 does not properly handle when an administrator deletes entitlements for a role, which causes other role entitlements to be \"inadvertently affected,\" which has an unknown impact."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2007-01-30T10:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "32857",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/32857"
            },
            {
              "name": "23750",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/23750"
            },
            {
              "name": "22082",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/22082"
            },
            {
              "name": "1017521",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1017521"
            },
            {
              "name": "ADV-2007-0213",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/0213"
            },
            {
              "name": "BEA07-151.00",
              "tags": [
                "vendor-advisory",
                "x_refsource_BEA"
              ],
              "url": "http://dev2dev.bea.com/pub/advisory/218"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-0423",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "BEA WebLogic Portal 9.2 does not properly handle when an administrator deletes entitlements for a role, which causes other role entitlements to be \"inadvertently affected,\" which has an unknown impact."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "32857",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/32857"
                },
                {
                  "name": "23750",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/23750"
                },
                {
                  "name": "22082",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/22082"
                },
                {
                  "name": "1017521",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1017521"
                },
                {
                  "name": "ADV-2007-0213",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/0213"
                },
                {
                  "name": "BEA07-151.00",
                  "refsource": "BEA",
                  "url": "http://dev2dev.bea.com/pub/advisory/218"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-0423",
        "datePublished": "2007-01-23T00:00:00.000Z",
        "dateReserved": "2007-01-22T00:00:00.000Z",
        "dateUpdated": "2024-08-07T12:19:30.076Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-0426 (GCVE-0-2007-0426)

    Vulnerability from nvd – Published: 2007-01-23 00:00 – Updated: 2024-08-07 12:19
    VLAI
    Summary
    BEA WebLogic Portal 9.2, when running in a WebLogic Server clustered environment using WebLogic Portal entitlements, does not properly propagate entitlement policy changes if the changes are made on a managed server while the Administrative Server is unavailable, which might allow attackers to bypass intended restrictions.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/23750 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/22082 vdb-entryx_refsource_BID
    http://securitytracker.com/id?1017521 vdb-entryx_refsource_SECTRACK
    http://www.vupen.com/english/advisories/2007/0213 vdb-entryx_refsource_VUPEN
    http://osvdb.org/32854 vdb-entryx_refsource_OSVDB
    http://dev2dev.bea.com/pub/advisory/223 vendor-advisoryx_refsource_BEA
    http://osvdb.org/38516 vdb-entryx_refsource_OSVDB
    Date Public
    2007-01-16 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T12:19:30.318Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "23750",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/23750"
              },
              {
                "name": "22082",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/22082"
              },
              {
                "name": "1017521",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1017521"
              },
              {
                "name": "ADV-2007-0213",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/0213"
              },
              {
                "name": "32854",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/32854"
              },
              {
                "name": "BEA07-156.00",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_BEA",
                  "x_transferred"
                ],
                "url": "http://dev2dev.bea.com/pub/advisory/223"
              },
              {
                "name": "38516",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/38516"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-01-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "BEA WebLogic Portal 9.2, when running in a WebLogic Server clustered environment using WebLogic Portal entitlements, does not properly propagate entitlement policy changes if the changes are made on a managed server while the Administrative Server is unavailable, which might allow attackers to bypass intended restrictions."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2007-01-30T10:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "23750",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/23750"
            },
            {
              "name": "22082",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/22082"
            },
            {
              "name": "1017521",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1017521"
            },
            {
              "name": "ADV-2007-0213",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/0213"
            },
            {
              "name": "32854",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/32854"
            },
            {
              "name": "BEA07-156.00",
              "tags": [
                "vendor-advisory",
                "x_refsource_BEA"
              ],
              "url": "http://dev2dev.bea.com/pub/advisory/223"
            },
            {
              "name": "38516",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/38516"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-0426",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "BEA WebLogic Portal 9.2, when running in a WebLogic Server clustered environment using WebLogic Portal entitlements, does not properly propagate entitlement policy changes if the changes are made on a managed server while the Administrative Server is unavailable, which might allow attackers to bypass intended restrictions."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "23750",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/23750"
                },
                {
                  "name": "22082",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/22082"
                },
                {
                  "name": "1017521",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1017521"
                },
                {
                  "name": "ADV-2007-0213",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/0213"
                },
                {
                  "name": "32854",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/32854"
                },
                {
                  "name": "BEA07-156.00",
                  "refsource": "BEA",
                  "url": "http://dev2dev.bea.com/pub/advisory/223"
                },
                {
                  "name": "38516",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/38516"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-0426",
        "datePublished": "2007-01-23T00:00:00.000Z",
        "dateReserved": "2007-01-22T00:00:00.000Z",
        "dateUpdated": "2024-08-07T12:19:30.318Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-1358 (GCVE-0-2006-1358)

    Vulnerability from nvd – Published: 2006-03-22 02:00 – Updated: 2024-08-07 17:12
    VLAI
    Summary
    Unspecified vulnerability in BEA WebLogic Portal 8.1 up to SP5 causes a JSR-168 Portlet to be retrieved from the cache for the wrong session, which might allow one user to see a Portlet of another user.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.vupen.com/english/advisories/2006/1022 vdb-entryx_refsource_VUPEN
    ftp://ftpna.beasys.com/pub/releases/security/patc… x_refsource_MISC
    http://dev2dev.bea.com/pub/advisory/182 vendor-advisoryx_refsource_BEA
    http://secunia.com/advisories/19308 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/17164 vdb-entryx_refsource_BID
    http://securitytracker.com/id?1015791 vdb-entryx_refsource_SECTRACK
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    Date Public
    2006-03-21 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T17:12:20.691Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ADV-2006-1022",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/1022"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "ftp://ftpna.beasys.com/pub/releases/security/patch_CR259534_81SP5.zip"
              },
              {
                "name": "BEA06-122.00",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_BEA",
                  "x_transferred"
                ],
                "url": "http://dev2dev.bea.com/pub/advisory/182"
              },
              {
                "name": "19308",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/19308"
              },
              {
                "name": "17164",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/17164"
              },
              {
                "name": "1015791",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1015791"
              },
              {
                "name": "weblogic-portal-portlet-disclosure(25345)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25345"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-03-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in BEA WebLogic Portal 8.1 up to SP5 causes a JSR-168 Portlet to be retrieved from the cache for the wrong session, which might allow one user to see a Portlet of another user."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-19T15:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "ADV-2006-1022",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/1022"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "ftp://ftpna.beasys.com/pub/releases/security/patch_CR259534_81SP5.zip"
            },
            {
              "name": "BEA06-122.00",
              "tags": [
                "vendor-advisory",
                "x_refsource_BEA"
              ],
              "url": "http://dev2dev.bea.com/pub/advisory/182"
            },
            {
              "name": "19308",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/19308"
            },
            {
              "name": "17164",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/17164"
            },
            {
              "name": "1015791",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1015791"
            },
            {
              "name": "weblogic-portal-portlet-disclosure(25345)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25345"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-1358",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unspecified vulnerability in BEA WebLogic Portal 8.1 up to SP5 causes a JSR-168 Portlet to be retrieved from the cache for the wrong session, which might allow one user to see a Portlet of another user."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "ADV-2006-1022",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/1022"
                },
                {
                  "name": "ftp://ftpna.beasys.com/pub/releases/security/patch_CR259534_81SP5.zip",
                  "refsource": "MISC",
                  "url": "ftp://ftpna.beasys.com/pub/releases/security/patch_CR259534_81SP5.zip"
                },
                {
                  "name": "BEA06-122.00",
                  "refsource": "BEA",
                  "url": "http://dev2dev.bea.com/pub/advisory/182"
                },
                {
                  "name": "19308",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/19308"
                },
                {
                  "name": "17164",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/17164"
                },
                {
                  "name": "1015791",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1015791"
                },
                {
                  "name": "weblogic-portal-portlet-disclosure(25345)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25345"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-1358",
        "datePublished": "2006-03-22T02:00:00.000Z",
        "dateReserved": "2006-03-21T00:00:00.000Z",
        "dateUpdated": "2024-08-07T17:12:20.691Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-0423 (GCVE-0-2006-0423)

    Vulnerability from nvd – Published: 2006-01-25 23:00 – Updated: 2024-08-07 16:34
    VLAI
    Summary
    BEA WebLogic Portal 8.1 through SP3 stores the password for the RDBMS Authentication provider in cleartext in the config.xml file, which allows attackers to gain privileges.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.vupen.com/english/advisories/2008/0613 vdb-entryx_refsource_VUPEN
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://secunia.com/advisories/18593 third-party-advisoryx_refsource_SECUNIA
    http://dev2dev.bea.com/pub/advisory/167 vendor-advisoryx_refsource_BEA
    http://www.vupen.com/english/advisories/2006/0312 vdb-entryx_refsource_VUPEN
    http://securitytracker.com/id?1015528 vdb-entryx_refsource_SECTRACK
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/bid/16358 vdb-entryx_refsource_BID
    http://dev2dev.bea.com/pub/advisory/262 vendor-advisoryx_refsource_BEA
    Date Public
    2006-01-23 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T16:34:14.691Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ADV-2008-0613",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/0613"
              },
              {
                "name": "weblogic-portal-config-info-disclosure(40705)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40705"
              },
              {
                "name": "18593",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/18593"
              },
              {
                "name": "BEA06-110.00",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_BEA",
                  "x_transferred"
                ],
                "url": "http://dev2dev.bea.com/pub/advisory/167"
              },
              {
                "name": "ADV-2006-0312",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/0312"
              },
              {
                "name": "1015528",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1015528"
              },
              {
                "name": "weblogicportal-config-info-disclosure(24284)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24284"
              },
              {
                "name": "16358",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/16358"
              },
              {
                "name": "BEA08-110.01",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_BEA",
                  "x_transferred"
                ],
                "url": "http://dev2dev.bea.com/pub/advisory/262"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-01-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "BEA WebLogic Portal 8.1 through SP3 stores the password for the RDBMS Authentication provider in cleartext in the config.xml file, which allows attackers to gain privileges."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-19T15:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "ADV-2008-0613",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/0613"
            },
            {
              "name": "weblogic-portal-config-info-disclosure(40705)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40705"
            },
            {
              "name": "18593",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/18593"
            },
            {
              "name": "BEA06-110.00",
              "tags": [
                "vendor-advisory",
                "x_refsource_BEA"
              ],
              "url": "http://dev2dev.bea.com/pub/advisory/167"
            },
            {
              "name": "ADV-2006-0312",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/0312"
            },
            {
              "name": "1015528",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1015528"
            },
            {
              "name": "weblogicportal-config-info-disclosure(24284)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24284"
            },
            {
              "name": "16358",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/16358"
            },
            {
              "name": "BEA08-110.01",
              "tags": [
                "vendor-advisory",
                "x_refsource_BEA"
              ],
              "url": "http://dev2dev.bea.com/pub/advisory/262"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-0423",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "BEA WebLogic Portal 8.1 through SP3 stores the password for the RDBMS Authentication provider in cleartext in the config.xml file, which allows attackers to gain privileges."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "ADV-2008-0613",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/0613"
                },
                {
                  "name": "weblogic-portal-config-info-disclosure(40705)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40705"
                },
                {
                  "name": "18593",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/18593"
                },
                {
                  "name": "BEA06-110.00",
                  "refsource": "BEA",
                  "url": "http://dev2dev.bea.com/pub/advisory/167"
                },
                {
                  "name": "ADV-2006-0312",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/0312"
                },
                {
                  "name": "1015528",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1015528"
                },
                {
                  "name": "weblogicportal-config-info-disclosure(24284)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24284"
                },
                {
                  "name": "16358",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/16358"
                },
                {
                  "name": "BEA08-110.01",
                  "refsource": "BEA",
                  "url": "http://dev2dev.bea.com/pub/advisory/262"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-0423",
        "datePublished": "2006-01-25T23:00:00.000Z",
        "dateReserved": "2006-01-25T00:00:00.000Z",
        "dateUpdated": "2024-08-07T16:34:14.691Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-0428 (GCVE-0-2006-0428)

    Vulnerability from nvd – Published: 2006-01-25 23:00 – Updated: 2024-08-07 16:34
    VLAI
    Summary
    Unspecified vulnerability in BEA WebLogic Portal 8.1 SP3 through SP5, when using Web Services Remote Portlets (WSRP), allows remote attackers to access restricted web resources via crafted URLs.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/18593 third-party-advisoryx_refsource_SECUNIA
    http://www.osvdb.org/22767 vdb-entryx_refsource_OSVDB
    http://www.vupen.com/english/advisories/2006/0312 vdb-entryx_refsource_VUPEN
    http://securitytracker.com/id?1015528 vdb-entryx_refsource_SECTRACK
    http://dev2dev.bea.com/pub/advisory/172 vendor-advisoryx_refsource_BEA
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/bid/16358 vdb-entryx_refsource_BID
    Date Public
    2006-01-23 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T16:34:14.674Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "18593",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/18593"
              },
              {
                "name": "22767",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/22767"
              },
              {
                "name": "ADV-2006-0312",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/0312"
              },
              {
                "name": "1015528",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1015528"
              },
              {
                "name": "BEA06-115.00",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_BEA",
                  "x_transferred"
                ],
                "url": "http://dev2dev.bea.com/pub/advisory/172"
              },
              {
                "name": "weblogic-wsrp-gain-access(24293)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24293"
              },
              {
                "name": "16358",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/16358"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-01-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in BEA WebLogic Portal 8.1 SP3 through SP5, when using Web Services Remote Portlets (WSRP), allows remote attackers to access restricted web resources via crafted URLs."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-19T15:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "18593",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/18593"
            },
            {
              "name": "22767",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/22767"
            },
            {
              "name": "ADV-2006-0312",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/0312"
            },
            {
              "name": "1015528",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1015528"
            },
            {
              "name": "BEA06-115.00",
              "tags": [
                "vendor-advisory",
                "x_refsource_BEA"
              ],
              "url": "http://dev2dev.bea.com/pub/advisory/172"
            },
            {
              "name": "weblogic-wsrp-gain-access(24293)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24293"
            },
            {
              "name": "16358",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/16358"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-0428",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unspecified vulnerability in BEA WebLogic Portal 8.1 SP3 through SP5, when using Web Services Remote Portlets (WSRP), allows remote attackers to access restricted web resources via crafted URLs."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "18593",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/18593"
                },
                {
                  "name": "22767",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/22767"
                },
                {
                  "name": "ADV-2006-0312",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/0312"
                },
                {
                  "name": "1015528",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1015528"
                },
                {
                  "name": "BEA06-115.00",
                  "refsource": "BEA",
                  "url": "http://dev2dev.bea.com/pub/advisory/172"
                },
                {
                  "name": "weblogic-wsrp-gain-access(24293)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24293"
                },
                {
                  "name": "16358",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/16358"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-0428",
        "datePublished": "2006-01-25T23:00:00.000Z",
        "dateReserved": "2006-01-25T00:00:00.000Z",
        "dateUpdated": "2024-08-07T16:34:14.674Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-0425 (GCVE-0-2006-0425)

    Vulnerability from nvd – Published: 2006-01-25 23:00 – Updated: 2024-08-07 16:34
    VLAI
    Summary
    BEA WebLogic Portal 8.1 through SP4 allows remote attackers to obtain the source for a deployment descriptor file via unknown vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/18593 third-party-advisoryx_refsource_SECUNIA
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.vupen.com/english/advisories/2006/0312 vdb-entryx_refsource_VUPEN
    http://securitytracker.com/id?1015528 vdb-entryx_refsource_SECTRACK
    http://dev2dev.bea.com/pub/advisory/169 vendor-advisoryx_refsource_BEA
    http://www.securityfocus.com/bid/16358 vdb-entryx_refsource_BID
    Date Public
    2006-01-23 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T16:34:14.715Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "18593",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/18593"
              },
              {
                "name": "weblogic-deployment-descriptor-disclosure(24297)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24297"
              },
              {
                "name": "ADV-2006-0312",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/0312"
              },
              {
                "name": "1015528",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1015528"
              },
              {
                "name": "BEA06-112.00",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_BEA",
                  "x_transferred"
                ],
                "url": "http://dev2dev.bea.com/pub/advisory/169"
              },
              {
                "name": "16358",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/16358"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-01-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "BEA WebLogic Portal 8.1 through SP4 allows remote attackers to obtain the source for a deployment descriptor file via unknown vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-19T15:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "18593",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/18593"
            },
            {
              "name": "weblogic-deployment-descriptor-disclosure(24297)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24297"
            },
            {
              "name": "ADV-2006-0312",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/0312"
            },
            {
              "name": "1015528",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1015528"
            },
            {
              "name": "BEA06-112.00",
              "tags": [
                "vendor-advisory",
                "x_refsource_BEA"
              ],
              "url": "http://dev2dev.bea.com/pub/advisory/169"
            },
            {
              "name": "16358",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/16358"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-0425",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "BEA WebLogic Portal 8.1 through SP4 allows remote attackers to obtain the source for a deployment descriptor file via unknown vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "18593",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/18593"
                },
                {
                  "name": "weblogic-deployment-descriptor-disclosure(24297)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24297"
                },
                {
                  "name": "ADV-2006-0312",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/0312"
                },
                {
                  "name": "1015528",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1015528"
                },
                {
                  "name": "BEA06-112.00",
                  "refsource": "BEA",
                  "url": "http://dev2dev.bea.com/pub/advisory/169"
                },
                {
                  "name": "16358",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/16358"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-0425",
        "datePublished": "2006-01-25T23:00:00.000Z",
        "dateReserved": "2006-01-25T00:00:00.000Z",
        "dateUpdated": "2024-08-07T16:34:14.715Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2005-2680 (GCVE-0-2005-2680)

    Vulnerability from nvd – Published: 2005-08-23 04:00 – Updated: 2024-08-07 22:45
    VLAI
    Summary
    Unspecified vulnerability in BEA WebLogic Portal 8.1 through SP4, when using entitlements, allows remote attackers to bypass access restrictions for the pages of a Book via crafted URLs.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://dev2dev.bea.com/pub/advisory/137 vendor-advisoryx_refsource_BEA
    Date Public
    2005-08-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T22:45:02.228Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "BEA05-84.00",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_BEA",
                  "x_transferred"
                ],
                "url": "http://dev2dev.bea.com/pub/advisory/137"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2005-08-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in BEA WebLogic Portal 8.1 through SP4, when using entitlements, allows remote attackers to bypass access restrictions for the pages of a Book via crafted URLs."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2006-04-04T09:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "BEA05-84.00",
              "tags": [
                "vendor-advisory",
                "x_refsource_BEA"
              ],
              "url": "http://dev2dev.bea.com/pub/advisory/137"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2005-2680",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unspecified vulnerability in BEA WebLogic Portal 8.1 through SP4, when using entitlements, allows remote attackers to bypass access restrictions for the pages of a Book via crafted URLs."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "BEA05-84.00",
                  "refsource": "BEA",
                  "url": "http://dev2dev.bea.com/pub/advisory/137"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2005-2680",
        "datePublished": "2005-08-23T04:00:00.000Z",
        "dateReserved": "2005-08-23T00:00:00.000Z",
        "dateUpdated": "2024-08-07T22:45:02.228Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2005-1745 (GCVE-0-2005-1745)

    Vulnerability from nvd – Published: 2005-05-24 04:00 – Updated: 2024-08-07 21:59
    VLAI
    Summary
    The UserLogin control in BEA WebLogic Portal 8.1 through Service Pack 3 prints the password to standard output when an incorrect login attempt is made, which could make it easier for attackers to guess the correct password.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/15486 third-party-advisoryx_refsource_SECUNIA
    http://securitytracker.com/id?1014049 vdb-entryx_refsource_SECTRACK
    http://dev2dev.bea.com/pub/advisory/128 vendor-advisoryx_refsource_BEA
    http://www.securityfocus.com/bid/13717 vdb-entryx_refsource_BID
    http://www.vupen.com/english/advisories/2005/0605 vdb-entryx_refsource_VUPEN
    Date Public
    2005-05-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T21:59:24.229Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "15486",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/15486"
              },
              {
                "name": "1014049",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1014049"
              },
              {
                "name": "BEA05-78.00",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_BEA",
                  "x_transferred"
                ],
                "url": "http://dev2dev.bea.com/pub/advisory/128"
              },
              {
                "name": "13717",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/13717"
              },
              {
                "name": "ADV-2005-0605",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2005/0605"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2005-05-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The UserLogin control in BEA WebLogic Portal 8.1 through Service Pack 3 prints the password to standard output when an incorrect login attempt is made, which could make it easier for attackers to guess the correct password."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2005-06-04T09:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "15486",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/15486"
            },
            {
              "name": "1014049",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1014049"
            },
            {
              "name": "BEA05-78.00",
              "tags": [
                "vendor-advisory",
                "x_refsource_BEA"
              ],
              "url": "http://dev2dev.bea.com/pub/advisory/128"
            },
            {
              "name": "13717",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/13717"
            },
            {
              "name": "ADV-2005-0605",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2005/0605"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2005-1745",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The UserLogin control in BEA WebLogic Portal 8.1 through Service Pack 3 prints the password to standard output when an incorrect login attempt is made, which could make it easier for attackers to guess the correct password."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "15486",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/15486"
                },
                {
                  "name": "1014049",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1014049"
                },
                {
                  "name": "BEA05-78.00",
                  "refsource": "BEA",
                  "url": "http://dev2dev.bea.com/pub/advisory/128"
                },
                {
                  "name": "13717",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/13717"
                },
                {
                  "name": "ADV-2005-0605",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2005/0605"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2005-1745",
        "datePublished": "2005-05-24T04:00:00.000Z",
        "dateReserved": "2005-05-25T00:00:00.000Z",
        "dateUpdated": "2024-08-07T21:59:24.229Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-0865 (GCVE-0-2008-0865)

    Vulnerability from cvelistv5 – Published: 2008-02-21 01:00 – Updated: 2024-08-07 08:01
    VLAI
    Summary
    Unspecified vulnerability in BEA WebLogic Portal 8.1 through SP6 allows remote attackers to bypass entitlements for instances of a floatable WLP portlet via unknown vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://dev2dev.bea.com/pub/advisory/257 vendor-advisoryx_refsource_BEA
    http://www.vupen.com/english/advisories/2008/0613 vdb-entryx_refsource_VUPEN
    http://secunia.com/advisories/29041 third-party-advisoryx_refsource_SECUNIA
    http://www.securitytracker.com/id?1019451 vdb-entryx_refsource_SECTRACK
    Date Public
    2008-02-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:01:40.095Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "BEA08-184.00",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_BEA",
                  "x_transferred"
                ],
                "url": "http://dev2dev.bea.com/pub/advisory/257"
              },
              {
                "name": "ADV-2008-0613",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/0613"
              },
              {
                "name": "29041",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29041"
              },
              {
                "name": "1019451",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1019451"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-02-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in BEA WebLogic Portal 8.1 through SP6 allows remote attackers to bypass entitlements for instances of a floatable WLP portlet via unknown vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2008-03-05T10:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "BEA08-184.00",
              "tags": [
                "vendor-advisory",
                "x_refsource_BEA"
              ],
              "url": "http://dev2dev.bea.com/pub/advisory/257"
            },
            {
              "name": "ADV-2008-0613",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/0613"
            },
            {
              "name": "29041",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29041"
            },
            {
              "name": "1019451",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1019451"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-0865",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unspecified vulnerability in BEA WebLogic Portal 8.1 through SP6 allows remote attackers to bypass entitlements for instances of a floatable WLP portlet via unknown vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "BEA08-184.00",
                  "refsource": "BEA",
                  "url": "http://dev2dev.bea.com/pub/advisory/257"
                },
                {
                  "name": "ADV-2008-0613",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/0613"
                },
                {
                  "name": "29041",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29041"
                },
                {
                  "name": "1019451",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1019451"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-0865",
        "datePublished": "2008-02-21T01:00:00.000Z",
        "dateReserved": "2008-02-20T00:00:00.000Z",
        "dateUpdated": "2024-08-07T08:01:40.095Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-0868 (GCVE-0-2008-0868)

    Vulnerability from cvelistv5 – Published: 2008-02-21 01:00 – Updated: 2024-08-07 08:01
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in Groupspace in BEA WebLogic Portal 10.0 and 9.2 through Maintenance Pack 1 allows remote authenticated users to inject arbitrary web script or HTML via unknown vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securitytracker.com/id?1019452 vdb-entryx_refsource_SECTRACK
    http://www.vupen.com/english/advisories/2008/0613 vdb-entryx_refsource_VUPEN
    http://secunia.com/advisories/29041 third-party-advisoryx_refsource_SECUNIA
    http://dev2dev.bea.com/pub/advisory/261 vendor-advisoryx_refsource_BEA
    Date Public
    2008-02-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:01:39.768Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1019452",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1019452"
              },
              {
                "name": "ADV-2008-0613",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/0613"
              },
              {
                "name": "29041",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29041"
              },
              {
                "name": "BEA08-188.00",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_BEA",
                  "x_transferred"
                ],
                "url": "http://dev2dev.bea.com/pub/advisory/261"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-02-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in Groupspace in BEA WebLogic Portal 10.0 and 9.2 through Maintenance Pack 1 allows remote authenticated users to inject arbitrary web script or HTML via unknown vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2008-03-05T10:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "1019452",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1019452"
            },
            {
              "name": "ADV-2008-0613",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/0613"
            },
            {
              "name": "29041",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29041"
            },
            {
              "name": "BEA08-188.00",
              "tags": [
                "vendor-advisory",
                "x_refsource_BEA"
              ],
              "url": "http://dev2dev.bea.com/pub/advisory/261"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-0868",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in Groupspace in BEA WebLogic Portal 10.0 and 9.2 through Maintenance Pack 1 allows remote authenticated users to inject arbitrary web script or HTML via unknown vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1019452",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1019452"
                },
                {
                  "name": "ADV-2008-0613",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/0613"
                },
                {
                  "name": "29041",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29041"
                },
                {
                  "name": "BEA08-188.00",
                  "refsource": "BEA",
                  "url": "http://dev2dev.bea.com/pub/advisory/261"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-0868",
        "datePublished": "2008-02-21T01:00:00.000Z",
        "dateReserved": "2008-02-20T00:00:00.000Z",
        "dateUpdated": "2024-08-07T08:01:39.768Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-0870 (GCVE-0-2008-0870)

    Vulnerability from cvelistv5 – Published: 2008-02-21 01:00 – Updated: 2024-08-07 08:01
    VLAI
    Summary
    BEA WebLogic Portal 10.0 and 9.2 through Maintenance Pack 2, under certain circumstances, can redirect a user from the https:// URI for the Portal Administration Console to an http URI, which allows remote attackers to sniff the session.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.vupen.com/english/advisories/2008/0613 vdb-entryx_refsource_VUPEN
    http://dev2dev.bea.com/pub/advisory/264 vendor-advisoryx_refsource_BEA
    http://secunia.com/advisories/29041 third-party-advisoryx_refsource_SECUNIA
    http://www.securitytracker.com/id?1019442 vdb-entryx_refsource_SECTRACK
    Date Public
    2008-02-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:01:40.034Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ADV-2008-0613",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/0613"
              },
              {
                "name": "BEA08-190.00",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_BEA",
                  "x_transferred"
                ],
                "url": "http://dev2dev.bea.com/pub/advisory/264"
              },
              {
                "name": "29041",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29041"
              },
              {
                "name": "1019442",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1019442"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-02-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "BEA WebLogic Portal 10.0 and 9.2 through Maintenance Pack 2, under certain circumstances, can redirect a user from the https:// URI for the Portal Administration Console to an http URI, which allows remote attackers to sniff the session."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2008-03-05T10:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "ADV-2008-0613",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/0613"
            },
            {
              "name": "BEA08-190.00",
              "tags": [
                "vendor-advisory",
                "x_refsource_BEA"
              ],
              "url": "http://dev2dev.bea.com/pub/advisory/264"
            },
            {
              "name": "29041",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29041"
            },
            {
              "name": "1019442",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1019442"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-0870",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "BEA WebLogic Portal 10.0 and 9.2 through Maintenance Pack 2, under certain circumstances, can redirect a user from the https:// URI for the Portal Administration Console to an http URI, which allows remote attackers to sniff the session."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "ADV-2008-0613",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/0613"
                },
                {
                  "name": "BEA08-190.00",
                  "refsource": "BEA",
                  "url": "http://dev2dev.bea.com/pub/advisory/264"
                },
                {
                  "name": "29041",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29041"
                },
                {
                  "name": "1019442",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1019442"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-0870",
        "datePublished": "2008-02-21T01:00:00.000Z",
        "dateReserved": "2008-02-20T00:00:00.000Z",
        "dateUpdated": "2024-08-07T08:01:40.034Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-0864 (GCVE-0-2008-0864)

    Vulnerability from cvelistv5 – Published: 2008-02-21 01:00 – Updated: 2024-08-07 08:01
    VLAI
    Summary
    Admin Tools in BEA WebLogic Portal 8.1 SP3 through SP6 can inadvertently remove entitlements for pages when an administrator edits the page definition label, which might allow remote attackers to bypass intended access restrictions.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.vupen.com/english/advisories/2008/0613 vdb-entryx_refsource_VUPEN
    http://secunia.com/advisories/29041 third-party-advisoryx_refsource_SECUNIA
    http://www.securitytracker.com/id?1019454 vdb-entryx_refsource_SECTRACK
    http://dev2dev.bea.com/pub/advisory/256 vendor-advisoryx_refsource_BEA
    Date Public
    2008-02-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:01:40.100Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ADV-2008-0613",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/0613"
              },
              {
                "name": "29041",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29041"
              },
              {
                "name": "1019454",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1019454"
              },
              {
                "name": "BEA08-183.00",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_BEA",
                  "x_transferred"
                ],
                "url": "http://dev2dev.bea.com/pub/advisory/256"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-02-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Admin Tools in BEA WebLogic Portal 8.1 SP3 through SP6 can inadvertently remove entitlements for pages when an administrator edits the page definition label, which might allow remote attackers to bypass intended access restrictions."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2008-03-05T10:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "ADV-2008-0613",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/0613"
            },
            {
              "name": "29041",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29041"
            },
            {
              "name": "1019454",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1019454"
            },
            {
              "name": "BEA08-183.00",
              "tags": [
                "vendor-advisory",
                "x_refsource_BEA"
              ],
              "url": "http://dev2dev.bea.com/pub/advisory/256"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-0864",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Admin Tools in BEA WebLogic Portal 8.1 SP3 through SP6 can inadvertently remove entitlements for pages when an administrator edits the page definition label, which might allow remote attackers to bypass intended access restrictions."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "ADV-2008-0613",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/0613"
                },
                {
                  "name": "29041",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29041"
                },
                {
                  "name": "1019454",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1019454"
                },
                {
                  "name": "BEA08-183.00",
                  "refsource": "BEA",
                  "url": "http://dev2dev.bea.com/pub/advisory/256"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-0864",
        "datePublished": "2008-02-21T01:00:00.000Z",
        "dateReserved": "2008-02-20T00:00:00.000Z",
        "dateUpdated": "2024-08-07T08:01:40.100Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-5576 (GCVE-0-2007-5576)

    Vulnerability from cvelistv5 – Published: 2007-10-18 21:00 – Updated: 2024-08-07 15:39
    VLAI
    Summary
    BEA Tuxedo 8.0 before RP392 and 8.1 before RP293, and WebLogic Enterprise 5.1 before RP174, echo the password in cleartext, which allows physically proximate attackers to obtain sensitive information via the (1) cnsbind, (2) cnsunbind, or (3) cnsls commands.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://osvdb.org/45478 vdb-entryx_refsource_OSVDB
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://dev2dev.bea.com/pub/advisory/226 vendor-advisoryx_refsource_BEA
    http://www.vupen.com/english/advisories/2007/1813 vdb-entryx_refsource_VUPEN
    Date Public
    2007-05-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T15:39:13.505Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "45478",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/45478"
              },
              {
                "name": "weblogic-tuxedo-information-disclosure(34290)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34290"
              },
              {
                "name": "BEA07-158.00",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_BEA",
                  "x_transferred"
                ],
                "url": "http://dev2dev.bea.com/pub/advisory/226"
              },
              {
                "name": "ADV-2007-1813",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/1813"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-05-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "BEA Tuxedo 8.0 before RP392 and 8.1 before RP293, and WebLogic Enterprise 5.1 before RP174, echo the password in cleartext, which allows physically proximate attackers to obtain sensitive information via the (1) cnsbind, (2) cnsunbind, or (3) cnsls commands."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "45478",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/45478"
            },
            {
              "name": "weblogic-tuxedo-information-disclosure(34290)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34290"
            },
            {
              "name": "BEA07-158.00",
              "tags": [
                "vendor-advisory",
                "x_refsource_BEA"
              ],
              "url": "http://dev2dev.bea.com/pub/advisory/226"
            },
            {
              "name": "ADV-2007-1813",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/1813"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-5576",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "BEA Tuxedo 8.0 before RP392 and 8.1 before RP293, and WebLogic Enterprise 5.1 before RP174, echo the password in cleartext, which allows physically proximate attackers to obtain sensitive information via the (1) cnsbind, (2) cnsunbind, or (3) cnsls commands."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "45478",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/45478"
                },
                {
                  "name": "weblogic-tuxedo-information-disclosure(34290)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34290"
                },
                {
                  "name": "BEA07-158.00",
                  "refsource": "BEA",
                  "url": "http://dev2dev.bea.com/pub/advisory/226"
                },
                {
                  "name": "ADV-2007-1813",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/1813"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-5576",
        "datePublished": "2007-10-18T21:00:00.000Z",
        "dateReserved": "2007-10-18T00:00:00.000Z",
        "dateUpdated": "2024-08-07T15:39:13.505Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-2703 (GCVE-0-2007-2703)

    Vulnerability from cvelistv5 – Published: 2007-05-16 01:00 – Updated: 2024-08-07 13:49
    VLAI
    Summary
    BEA WebLogic Portal 9.2 GA can corrupt a visitor entitlements role if an administrator provides a long role description, which might allow remote authenticated users to access privileged resources.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://osvdb.org/36065 vdb-entryx_refsource_OSVDB
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://secunia.com/advisories/25284 third-party-advisoryx_refsource_SECUNIA
    http://dev2dev.bea.com/pub/advisory/236 vendor-advisoryx_refsource_BEA
    http://www.securitytracker.com/id?1018060 vdb-entryx_refsource_SECTRACK
    http://www.vupen.com/english/advisories/2007/1815 vdb-entryx_refsource_VUPEN
    Date Public
    2007-05-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T13:49:57.136Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "36065",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/36065"
              },
              {
                "name": "weblogic-portal-entitlement-weak-security(34285)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34285"
              },
              {
                "name": "25284",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/25284"
              },
              {
                "name": "BEA07-167.00",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_BEA",
                  "x_transferred"
                ],
                "url": "http://dev2dev.bea.com/pub/advisory/236"
              },
              {
                "name": "1018060",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1018060"
              },
              {
                "name": "ADV-2007-1815",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/1815"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-05-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "BEA WebLogic Portal 9.2 GA can corrupt a visitor entitlements role if an administrator provides a long role description, which might allow remote authenticated users to access privileged resources."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "36065",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/36065"
            },
            {
              "name": "weblogic-portal-entitlement-weak-security(34285)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34285"
            },
            {
              "name": "25284",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/25284"
            },
            {
              "name": "BEA07-167.00",
              "tags": [
                "vendor-advisory",
                "x_refsource_BEA"
              ],
              "url": "http://dev2dev.bea.com/pub/advisory/236"
            },
            {
              "name": "1018060",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1018060"
            },
            {
              "name": "ADV-2007-1815",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/1815"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-2703",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "BEA WebLogic Portal 9.2 GA can corrupt a visitor entitlements role if an administrator provides a long role description, which might allow remote authenticated users to access privileged resources."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "36065",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/36065"
                },
                {
                  "name": "weblogic-portal-entitlement-weak-security(34285)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34285"
                },
                {
                  "name": "25284",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/25284"
                },
                {
                  "name": "BEA07-167.00",
                  "refsource": "BEA",
                  "url": "http://dev2dev.bea.com/pub/advisory/236"
                },
                {
                  "name": "1018060",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1018060"
                },
                {
                  "name": "ADV-2007-1815",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/1815"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-2703",
        "datePublished": "2007-05-16T01:00:00.000Z",
        "dateReserved": "2007-05-15T00:00:00.000Z",
        "dateUpdated": "2024-08-07T13:49:57.136Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-2702 (GCVE-0-2007-2702)

    Vulnerability from cvelistv5 – Published: 2007-05-16 01:00 – Updated: 2024-08-07 13:49
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in the GroupSpace application in BEA WebLogic Portal 9.2 GA allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to the rich text editor.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://secunia.com/advisories/25284 third-party-advisoryx_refsource_SECUNIA
    http://osvdb.org/36066 vdb-entryx_refsource_OSVDB
    http://dev2dev.bea.com/pub/advisory/235 vendor-advisoryx_refsource_BEA
    http://www.securitytracker.com/id?1018060 vdb-entryx_refsource_SECTRACK
    http://www.vupen.com/english/advisories/2007/1815 vdb-entryx_refsource_VUPEN
    Date Public
    2007-05-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T13:49:57.174Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "weblogic-portal-groupspace-xss(34283)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34283"
              },
              {
                "name": "25284",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/25284"
              },
              {
                "name": "36066",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/36066"
              },
              {
                "name": "BEA07-166.00",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_BEA",
                  "x_transferred"
                ],
                "url": "http://dev2dev.bea.com/pub/advisory/235"
              },
              {
                "name": "1018060",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1018060"
              },
              {
                "name": "ADV-2007-1815",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/1815"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-05-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in the GroupSpace application in BEA WebLogic Portal 9.2 GA allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to the rich text editor."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "weblogic-portal-groupspace-xss(34283)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34283"
            },
            {
              "name": "25284",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/25284"
            },
            {
              "name": "36066",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/36066"
            },
            {
              "name": "BEA07-166.00",
              "tags": [
                "vendor-advisory",
                "x_refsource_BEA"
              ],
              "url": "http://dev2dev.bea.com/pub/advisory/235"
            },
            {
              "name": "1018060",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1018060"
            },
            {
              "name": "ADV-2007-1815",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/1815"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-2702",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in the GroupSpace application in BEA WebLogic Portal 9.2 GA allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to the rich text editor."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "weblogic-portal-groupspace-xss(34283)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34283"
                },
                {
                  "name": "25284",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/25284"
                },
                {
                  "name": "36066",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/36066"
                },
                {
                  "name": "BEA07-166.00",
                  "refsource": "BEA",
                  "url": "http://dev2dev.bea.com/pub/advisory/235"
                },
                {
                  "name": "1018060",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1018060"
                },
                {
                  "name": "ADV-2007-1815",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/1815"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-2702",
        "datePublished": "2007-05-16T01:00:00.000Z",
        "dateReserved": "2007-05-15T00:00:00.000Z",
        "dateUpdated": "2024-08-07T13:49:57.174Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-0423 (GCVE-0-2007-0423)

    Vulnerability from cvelistv5 – Published: 2007-01-23 00:00 – Updated: 2024-08-07 12:19
    VLAI
    Summary
    BEA WebLogic Portal 9.2 does not properly handle when an administrator deletes entitlements for a role, which causes other role entitlements to be "inadvertently affected," which has an unknown impact.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://osvdb.org/32857 vdb-entryx_refsource_OSVDB
    http://secunia.com/advisories/23750 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/22082 vdb-entryx_refsource_BID
    http://securitytracker.com/id?1017521 vdb-entryx_refsource_SECTRACK
    http://www.vupen.com/english/advisories/2007/0213 vdb-entryx_refsource_VUPEN
    http://dev2dev.bea.com/pub/advisory/218 vendor-advisoryx_refsource_BEA
    Date Public
    2007-01-16 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T12:19:30.076Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "32857",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/32857"
              },
              {
                "name": "23750",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/23750"
              },
              {
                "name": "22082",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/22082"
              },
              {
                "name": "1017521",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1017521"
              },
              {
                "name": "ADV-2007-0213",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/0213"
              },
              {
                "name": "BEA07-151.00",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_BEA",
                  "x_transferred"
                ],
                "url": "http://dev2dev.bea.com/pub/advisory/218"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-01-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "BEA WebLogic Portal 9.2 does not properly handle when an administrator deletes entitlements for a role, which causes other role entitlements to be \"inadvertently affected,\" which has an unknown impact."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2007-01-30T10:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "32857",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/32857"
            },
            {
              "name": "23750",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/23750"
            },
            {
              "name": "22082",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/22082"
            },
            {
              "name": "1017521",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1017521"
            },
            {
              "name": "ADV-2007-0213",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/0213"
            },
            {
              "name": "BEA07-151.00",
              "tags": [
                "vendor-advisory",
                "x_refsource_BEA"
              ],
              "url": "http://dev2dev.bea.com/pub/advisory/218"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-0423",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "BEA WebLogic Portal 9.2 does not properly handle when an administrator deletes entitlements for a role, which causes other role entitlements to be \"inadvertently affected,\" which has an unknown impact."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "32857",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/32857"
                },
                {
                  "name": "23750",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/23750"
                },
                {
                  "name": "22082",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/22082"
                },
                {
                  "name": "1017521",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1017521"
                },
                {
                  "name": "ADV-2007-0213",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/0213"
                },
                {
                  "name": "BEA07-151.00",
                  "refsource": "BEA",
                  "url": "http://dev2dev.bea.com/pub/advisory/218"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-0423",
        "datePublished": "2007-01-23T00:00:00.000Z",
        "dateReserved": "2007-01-22T00:00:00.000Z",
        "dateUpdated": "2024-08-07T12:19:30.076Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-0426 (GCVE-0-2007-0426)

    Vulnerability from cvelistv5 – Published: 2007-01-23 00:00 – Updated: 2024-08-07 12:19
    VLAI
    Summary
    BEA WebLogic Portal 9.2, when running in a WebLogic Server clustered environment using WebLogic Portal entitlements, does not properly propagate entitlement policy changes if the changes are made on a managed server while the Administrative Server is unavailable, which might allow attackers to bypass intended restrictions.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/23750 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/22082 vdb-entryx_refsource_BID
    http://securitytracker.com/id?1017521 vdb-entryx_refsource_SECTRACK
    http://www.vupen.com/english/advisories/2007/0213 vdb-entryx_refsource_VUPEN
    http://osvdb.org/32854 vdb-entryx_refsource_OSVDB
    http://dev2dev.bea.com/pub/advisory/223 vendor-advisoryx_refsource_BEA
    http://osvdb.org/38516 vdb-entryx_refsource_OSVDB
    Date Public
    2007-01-16 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T12:19:30.318Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "23750",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/23750"
              },
              {
                "name": "22082",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/22082"
              },
              {
                "name": "1017521",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1017521"
              },
              {
                "name": "ADV-2007-0213",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/0213"
              },
              {
                "name": "32854",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/32854"
              },
              {
                "name": "BEA07-156.00",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_BEA",
                  "x_transferred"
                ],
                "url": "http://dev2dev.bea.com/pub/advisory/223"
              },
              {
                "name": "38516",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/38516"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-01-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "BEA WebLogic Portal 9.2, when running in a WebLogic Server clustered environment using WebLogic Portal entitlements, does not properly propagate entitlement policy changes if the changes are made on a managed server while the Administrative Server is unavailable, which might allow attackers to bypass intended restrictions."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2007-01-30T10:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "23750",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/23750"
            },
            {
              "name": "22082",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/22082"
            },
            {
              "name": "1017521",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1017521"
            },
            {
              "name": "ADV-2007-0213",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/0213"
            },
            {
              "name": "32854",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/32854"
            },
            {
              "name": "BEA07-156.00",
              "tags": [
                "vendor-advisory",
                "x_refsource_BEA"
              ],
              "url": "http://dev2dev.bea.com/pub/advisory/223"
            },
            {
              "name": "38516",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/38516"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-0426",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "BEA WebLogic Portal 9.2, when running in a WebLogic Server clustered environment using WebLogic Portal entitlements, does not properly propagate entitlement policy changes if the changes are made on a managed server while the Administrative Server is unavailable, which might allow attackers to bypass intended restrictions."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "23750",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/23750"
                },
                {
                  "name": "22082",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/22082"
                },
                {
                  "name": "1017521",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1017521"
                },
                {
                  "name": "ADV-2007-0213",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/0213"
                },
                {
                  "name": "32854",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/32854"
                },
                {
                  "name": "BEA07-156.00",
                  "refsource": "BEA",
                  "url": "http://dev2dev.bea.com/pub/advisory/223"
                },
                {
                  "name": "38516",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/38516"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-0426",
        "datePublished": "2007-01-23T00:00:00.000Z",
        "dateReserved": "2007-01-22T00:00:00.000Z",
        "dateUpdated": "2024-08-07T12:19:30.318Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-1358 (GCVE-0-2006-1358)

    Vulnerability from cvelistv5 – Published: 2006-03-22 02:00 – Updated: 2024-08-07 17:12
    VLAI
    Summary
    Unspecified vulnerability in BEA WebLogic Portal 8.1 up to SP5 causes a JSR-168 Portlet to be retrieved from the cache for the wrong session, which might allow one user to see a Portlet of another user.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.vupen.com/english/advisories/2006/1022 vdb-entryx_refsource_VUPEN
    ftp://ftpna.beasys.com/pub/releases/security/patc… x_refsource_MISC
    http://dev2dev.bea.com/pub/advisory/182 vendor-advisoryx_refsource_BEA
    http://secunia.com/advisories/19308 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/17164 vdb-entryx_refsource_BID
    http://securitytracker.com/id?1015791 vdb-entryx_refsource_SECTRACK
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    Date Public
    2006-03-21 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T17:12:20.691Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ADV-2006-1022",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/1022"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "ftp://ftpna.beasys.com/pub/releases/security/patch_CR259534_81SP5.zip"
              },
              {
                "name": "BEA06-122.00",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_BEA",
                  "x_transferred"
                ],
                "url": "http://dev2dev.bea.com/pub/advisory/182"
              },
              {
                "name": "19308",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/19308"
              },
              {
                "name": "17164",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/17164"
              },
              {
                "name": "1015791",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1015791"
              },
              {
                "name": "weblogic-portal-portlet-disclosure(25345)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25345"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-03-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in BEA WebLogic Portal 8.1 up to SP5 causes a JSR-168 Portlet to be retrieved from the cache for the wrong session, which might allow one user to see a Portlet of another user."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-19T15:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "ADV-2006-1022",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/1022"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "ftp://ftpna.beasys.com/pub/releases/security/patch_CR259534_81SP5.zip"
            },
            {
              "name": "BEA06-122.00",
              "tags": [
                "vendor-advisory",
                "x_refsource_BEA"
              ],
              "url": "http://dev2dev.bea.com/pub/advisory/182"
            },
            {
              "name": "19308",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/19308"
            },
            {
              "name": "17164",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/17164"
            },
            {
              "name": "1015791",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1015791"
            },
            {
              "name": "weblogic-portal-portlet-disclosure(25345)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25345"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-1358",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unspecified vulnerability in BEA WebLogic Portal 8.1 up to SP5 causes a JSR-168 Portlet to be retrieved from the cache for the wrong session, which might allow one user to see a Portlet of another user."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "ADV-2006-1022",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/1022"
                },
                {
                  "name": "ftp://ftpna.beasys.com/pub/releases/security/patch_CR259534_81SP5.zip",
                  "refsource": "MISC",
                  "url": "ftp://ftpna.beasys.com/pub/releases/security/patch_CR259534_81SP5.zip"
                },
                {
                  "name": "BEA06-122.00",
                  "refsource": "BEA",
                  "url": "http://dev2dev.bea.com/pub/advisory/182"
                },
                {
                  "name": "19308",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/19308"
                },
                {
                  "name": "17164",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/17164"
                },
                {
                  "name": "1015791",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1015791"
                },
                {
                  "name": "weblogic-portal-portlet-disclosure(25345)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25345"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-1358",
        "datePublished": "2006-03-22T02:00:00.000Z",
        "dateReserved": "2006-03-21T00:00:00.000Z",
        "dateUpdated": "2024-08-07T17:12:20.691Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-0423 (GCVE-0-2006-0423)

    Vulnerability from cvelistv5 – Published: 2006-01-25 23:00 – Updated: 2024-08-07 16:34
    VLAI
    Summary
    BEA WebLogic Portal 8.1 through SP3 stores the password for the RDBMS Authentication provider in cleartext in the config.xml file, which allows attackers to gain privileges.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.vupen.com/english/advisories/2008/0613 vdb-entryx_refsource_VUPEN
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://secunia.com/advisories/18593 third-party-advisoryx_refsource_SECUNIA
    http://dev2dev.bea.com/pub/advisory/167 vendor-advisoryx_refsource_BEA
    http://www.vupen.com/english/advisories/2006/0312 vdb-entryx_refsource_VUPEN
    http://securitytracker.com/id?1015528 vdb-entryx_refsource_SECTRACK
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/bid/16358 vdb-entryx_refsource_BID
    http://dev2dev.bea.com/pub/advisory/262 vendor-advisoryx_refsource_BEA
    Date Public
    2006-01-23 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T16:34:14.691Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ADV-2008-0613",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/0613"
              },
              {
                "name": "weblogic-portal-config-info-disclosure(40705)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40705"
              },
              {
                "name": "18593",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/18593"
              },
              {
                "name": "BEA06-110.00",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_BEA",
                  "x_transferred"
                ],
                "url": "http://dev2dev.bea.com/pub/advisory/167"
              },
              {
                "name": "ADV-2006-0312",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/0312"
              },
              {
                "name": "1015528",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1015528"
              },
              {
                "name": "weblogicportal-config-info-disclosure(24284)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24284"
              },
              {
                "name": "16358",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/16358"
              },
              {
                "name": "BEA08-110.01",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_BEA",
                  "x_transferred"
                ],
                "url": "http://dev2dev.bea.com/pub/advisory/262"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-01-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "BEA WebLogic Portal 8.1 through SP3 stores the password for the RDBMS Authentication provider in cleartext in the config.xml file, which allows attackers to gain privileges."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-19T15:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "ADV-2008-0613",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/0613"
            },
            {
              "name": "weblogic-portal-config-info-disclosure(40705)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40705"
            },
            {
              "name": "18593",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/18593"
            },
            {
              "name": "BEA06-110.00",
              "tags": [
                "vendor-advisory",
                "x_refsource_BEA"
              ],
              "url": "http://dev2dev.bea.com/pub/advisory/167"
            },
            {
              "name": "ADV-2006-0312",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/0312"
            },
            {
              "name": "1015528",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1015528"
            },
            {
              "name": "weblogicportal-config-info-disclosure(24284)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24284"
            },
            {
              "name": "16358",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/16358"
            },
            {
              "name": "BEA08-110.01",
              "tags": [
                "vendor-advisory",
                "x_refsource_BEA"
              ],
              "url": "http://dev2dev.bea.com/pub/advisory/262"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-0423",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "BEA WebLogic Portal 8.1 through SP3 stores the password for the RDBMS Authentication provider in cleartext in the config.xml file, which allows attackers to gain privileges."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "ADV-2008-0613",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/0613"
                },
                {
                  "name": "weblogic-portal-config-info-disclosure(40705)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40705"
                },
                {
                  "name": "18593",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/18593"
                },
                {
                  "name": "BEA06-110.00",
                  "refsource": "BEA",
                  "url": "http://dev2dev.bea.com/pub/advisory/167"
                },
                {
                  "name": "ADV-2006-0312",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/0312"
                },
                {
                  "name": "1015528",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1015528"
                },
                {
                  "name": "weblogicportal-config-info-disclosure(24284)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24284"
                },
                {
                  "name": "16358",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/16358"
                },
                {
                  "name": "BEA08-110.01",
                  "refsource": "BEA",
                  "url": "http://dev2dev.bea.com/pub/advisory/262"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-0423",
        "datePublished": "2006-01-25T23:00:00.000Z",
        "dateReserved": "2006-01-25T00:00:00.000Z",
        "dateUpdated": "2024-08-07T16:34:14.691Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-0428 (GCVE-0-2006-0428)

    Vulnerability from cvelistv5 – Published: 2006-01-25 23:00 – Updated: 2024-08-07 16:34
    VLAI
    Summary
    Unspecified vulnerability in BEA WebLogic Portal 8.1 SP3 through SP5, when using Web Services Remote Portlets (WSRP), allows remote attackers to access restricted web resources via crafted URLs.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/18593 third-party-advisoryx_refsource_SECUNIA
    http://www.osvdb.org/22767 vdb-entryx_refsource_OSVDB
    http://www.vupen.com/english/advisories/2006/0312 vdb-entryx_refsource_VUPEN
    http://securitytracker.com/id?1015528 vdb-entryx_refsource_SECTRACK
    http://dev2dev.bea.com/pub/advisory/172 vendor-advisoryx_refsource_BEA
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/bid/16358 vdb-entryx_refsource_BID
    Date Public
    2006-01-23 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T16:34:14.674Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "18593",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/18593"
              },
              {
                "name": "22767",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/22767"
              },
              {
                "name": "ADV-2006-0312",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/0312"
              },
              {
                "name": "1015528",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1015528"
              },
              {
                "name": "BEA06-115.00",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_BEA",
                  "x_transferred"
                ],
                "url": "http://dev2dev.bea.com/pub/advisory/172"
              },
              {
                "name": "weblogic-wsrp-gain-access(24293)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24293"
              },
              {
                "name": "16358",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/16358"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-01-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in BEA WebLogic Portal 8.1 SP3 through SP5, when using Web Services Remote Portlets (WSRP), allows remote attackers to access restricted web resources via crafted URLs."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-19T15:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "18593",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/18593"
            },
            {
              "name": "22767",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/22767"
            },
            {
              "name": "ADV-2006-0312",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/0312"
            },
            {
              "name": "1015528",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1015528"
            },
            {
              "name": "BEA06-115.00",
              "tags": [
                "vendor-advisory",
                "x_refsource_BEA"
              ],
              "url": "http://dev2dev.bea.com/pub/advisory/172"
            },
            {
              "name": "weblogic-wsrp-gain-access(24293)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24293"
            },
            {
              "name": "16358",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/16358"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-0428",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unspecified vulnerability in BEA WebLogic Portal 8.1 SP3 through SP5, when using Web Services Remote Portlets (WSRP), allows remote attackers to access restricted web resources via crafted URLs."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "18593",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/18593"
                },
                {
                  "name": "22767",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/22767"
                },
                {
                  "name": "ADV-2006-0312",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/0312"
                },
                {
                  "name": "1015528",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1015528"
                },
                {
                  "name": "BEA06-115.00",
                  "refsource": "BEA",
                  "url": "http://dev2dev.bea.com/pub/advisory/172"
                },
                {
                  "name": "weblogic-wsrp-gain-access(24293)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24293"
                },
                {
                  "name": "16358",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/16358"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-0428",
        "datePublished": "2006-01-25T23:00:00.000Z",
        "dateReserved": "2006-01-25T00:00:00.000Z",
        "dateUpdated": "2024-08-07T16:34:14.674Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-0425 (GCVE-0-2006-0425)

    Vulnerability from cvelistv5 – Published: 2006-01-25 23:00 – Updated: 2024-08-07 16:34
    VLAI
    Summary
    BEA WebLogic Portal 8.1 through SP4 allows remote attackers to obtain the source for a deployment descriptor file via unknown vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/18593 third-party-advisoryx_refsource_SECUNIA
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.vupen.com/english/advisories/2006/0312 vdb-entryx_refsource_VUPEN
    http://securitytracker.com/id?1015528 vdb-entryx_refsource_SECTRACK
    http://dev2dev.bea.com/pub/advisory/169 vendor-advisoryx_refsource_BEA
    http://www.securityfocus.com/bid/16358 vdb-entryx_refsource_BID
    Date Public
    2006-01-23 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T16:34:14.715Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "18593",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/18593"
              },
              {
                "name": "weblogic-deployment-descriptor-disclosure(24297)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24297"
              },
              {
                "name": "ADV-2006-0312",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/0312"
              },
              {
                "name": "1015528",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1015528"
              },
              {
                "name": "BEA06-112.00",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_BEA",
                  "x_transferred"
                ],
                "url": "http://dev2dev.bea.com/pub/advisory/169"
              },
              {
                "name": "16358",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/16358"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-01-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "BEA WebLogic Portal 8.1 through SP4 allows remote attackers to obtain the source for a deployment descriptor file via unknown vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-19T15:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "18593",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/18593"
            },
            {
              "name": "weblogic-deployment-descriptor-disclosure(24297)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24297"
            },
            {
              "name": "ADV-2006-0312",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/0312"
            },
            {
              "name": "1015528",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1015528"
            },
            {
              "name": "BEA06-112.00",
              "tags": [
                "vendor-advisory",
                "x_refsource_BEA"
              ],
              "url": "http://dev2dev.bea.com/pub/advisory/169"
            },
            {
              "name": "16358",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/16358"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-0425",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "BEA WebLogic Portal 8.1 through SP4 allows remote attackers to obtain the source for a deployment descriptor file via unknown vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "18593",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/18593"
                },
                {
                  "name": "weblogic-deployment-descriptor-disclosure(24297)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24297"
                },
                {
                  "name": "ADV-2006-0312",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/0312"
                },
                {
                  "name": "1015528",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1015528"
                },
                {
                  "name": "BEA06-112.00",
                  "refsource": "BEA",
                  "url": "http://dev2dev.bea.com/pub/advisory/169"
                },
                {
                  "name": "16358",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/16358"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-0425",
        "datePublished": "2006-01-25T23:00:00.000Z",
        "dateReserved": "2006-01-25T00:00:00.000Z",
        "dateUpdated": "2024-08-07T16:34:14.715Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2005-2680 (GCVE-0-2005-2680)

    Vulnerability from cvelistv5 – Published: 2005-08-23 04:00 – Updated: 2024-08-07 22:45
    VLAI
    Summary
    Unspecified vulnerability in BEA WebLogic Portal 8.1 through SP4, when using entitlements, allows remote attackers to bypass access restrictions for the pages of a Book via crafted URLs.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://dev2dev.bea.com/pub/advisory/137 vendor-advisoryx_refsource_BEA
    Date Public
    2005-08-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T22:45:02.228Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "BEA05-84.00",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_BEA",
                  "x_transferred"
                ],
                "url": "http://dev2dev.bea.com/pub/advisory/137"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2005-08-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in BEA WebLogic Portal 8.1 through SP4, when using entitlements, allows remote attackers to bypass access restrictions for the pages of a Book via crafted URLs."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2006-04-04T09:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "BEA05-84.00",
              "tags": [
                "vendor-advisory",
                "x_refsource_BEA"
              ],
              "url": "http://dev2dev.bea.com/pub/advisory/137"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2005-2680",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unspecified vulnerability in BEA WebLogic Portal 8.1 through SP4, when using entitlements, allows remote attackers to bypass access restrictions for the pages of a Book via crafted URLs."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "BEA05-84.00",
                  "refsource": "BEA",
                  "url": "http://dev2dev.bea.com/pub/advisory/137"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2005-2680",
        "datePublished": "2005-08-23T04:00:00.000Z",
        "dateReserved": "2005-08-23T00:00:00.000Z",
        "dateUpdated": "2024-08-07T22:45:02.228Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2005-1745 (GCVE-0-2005-1745)

    Vulnerability from cvelistv5 – Published: 2005-05-24 04:00 – Updated: 2024-08-07 21:59
    VLAI
    Summary
    The UserLogin control in BEA WebLogic Portal 8.1 through Service Pack 3 prints the password to standard output when an incorrect login attempt is made, which could make it easier for attackers to guess the correct password.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/15486 third-party-advisoryx_refsource_SECUNIA
    http://securitytracker.com/id?1014049 vdb-entryx_refsource_SECTRACK
    http://dev2dev.bea.com/pub/advisory/128 vendor-advisoryx_refsource_BEA
    http://www.securityfocus.com/bid/13717 vdb-entryx_refsource_BID
    http://www.vupen.com/english/advisories/2005/0605 vdb-entryx_refsource_VUPEN
    Date Public
    2005-05-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T21:59:24.229Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "15486",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/15486"
              },
              {
                "name": "1014049",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1014049"
              },
              {
                "name": "BEA05-78.00",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_BEA",
                  "x_transferred"
                ],
                "url": "http://dev2dev.bea.com/pub/advisory/128"
              },
              {
                "name": "13717",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/13717"
              },
              {
                "name": "ADV-2005-0605",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2005/0605"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2005-05-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The UserLogin control in BEA WebLogic Portal 8.1 through Service Pack 3 prints the password to standard output when an incorrect login attempt is made, which could make it easier for attackers to guess the correct password."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2005-06-04T09:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "15486",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/15486"
            },
            {
              "name": "1014049",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1014049"
            },
            {
              "name": "BEA05-78.00",
              "tags": [
                "vendor-advisory",
                "x_refsource_BEA"
              ],
              "url": "http://dev2dev.bea.com/pub/advisory/128"
            },
            {
              "name": "13717",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/13717"
            },
            {
              "name": "ADV-2005-0605",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2005/0605"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2005-1745",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The UserLogin control in BEA WebLogic Portal 8.1 through Service Pack 3 prints the password to standard output when an incorrect login attempt is made, which could make it easier for attackers to guess the correct password."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "15486",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/15486"
                },
                {
                  "name": "1014049",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1014049"
                },
                {
                  "name": "BEA05-78.00",
                  "refsource": "BEA",
                  "url": "http://dev2dev.bea.com/pub/advisory/128"
                },
                {
                  "name": "13717",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/13717"
                },
                {
                  "name": "ADV-2005-0605",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2005/0605"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2005-1745",
        "datePublished": "2005-05-24T04:00:00.000Z",
        "dateReserved": "2005-05-25T00:00:00.000Z",
        "dateUpdated": "2024-08-07T21:59:24.229Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }