Описание
BEA WebLogic Portal 10.0 and 9.2 through MP1, when an administrator deletes a single instance of a content portlet, removes entitlement policies for other content portlets, which allows attackers to bypass intended access restrictions.
Ссылки
- Patch
- Patch
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:bea_systems:weblogic_portal:9.2:mp1:*:*:*:*:*:*
cpe:2.3:a:bea_systems:weblogic_portal:10.0:*:*:*:*:*:*:*
EPSS
Процентиль: 52%
0.00286
Низкий
4.9 Medium
CVSS2
Дефекты
CWE-264
Связанные уязвимости
github
почти 4 года назад
BEA WebLogic Portal 10.0 and 9.2 through MP1, when an administrator deletes a single instance of a content portlet, removes entitlement policies for other content portlets, which allows attackers to bypass intended access restrictions.
EPSS
Процентиль: 52%
0.00286
Низкий
4.9 Medium
CVSS2
Дефекты
CWE-264