Unspecified vulnerability in BEA WebLogic Portal 8.1 through SP6 allows remote attackers to bypass entitlements for instances of a floatable WLP portlet via unknown vectors.
http://www.vupen.com/english/advisories/2008/0613
http://www.securitytracker.com/id?1019451