CVE-2008-0864

medium

Description

Admin Tools in BEA WebLogic Portal 8.1 SP3 through SP6 can inadvertently remove entitlements for pages when an administrator edits the page definition label, which might allow remote attackers to bypass intended access restrictions.

References

http://www.vupen.com/english/advisories/2008/0613

http://www.securitytracker.com/id?1019454

http://secunia.com/advisories/29041

http://dev2dev.bea.com/pub/advisory/256

Details

Source: Mitre, NVD

Published: 2008-02-21

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

Severity: Medium

EPSS

EPSS: 0.00383