CVE-2005-2680 - Unspecified vulnerability in BEA WebLogic Portal 8.1 through SP4, when using entitlements, allows re

CVE-2005-2680

Summary

Unspecified vulnerability in BEA WebLogic Portal 8.1 through SP4, when using entitlements, allows remote attackers to bypass access restrictions for the pages of a Book via crafted URLs.

References

http://dev2dev.bea.com/pub/advisory/137

Vulnerable Configurations

cpe:2.3:a:oracle:weblogic_portal:8.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_portal:8.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_portal:8.1:sp1:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_portal:8.1:sp1:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_portal:8.1:sp2:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_portal:8.1:sp2:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_portal:8.1:sp3:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_portal:8.1:sp3:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_portal:8.1:sp4:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_portal:8.1:sp4:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 30-10-2018 - 16:25)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:N/A:N

refmap via4

bea

BEA05-84.00

Last major update

30-10-2018 - 16:25

Published

23-08-2005 - 04:00

Last modified

30-10-2018 - 16:25