Vulnerabilities > BEA Systems > Weblogic Portal > 9.2
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2008-02-22 | CVE-2008-0896 | Permissions, Privileges, and Access Controls vulnerability in BEA Systems Weblogic Portal 10.0/9.2 BEA WebLogic Portal 10.0 and 9.2 through MP1, when an administrator deletes a single instance of a content portlet, removes entitlement policies for other content portlets, which allows attackers to bypass intended access restrictions. | 4.9 |
2008-02-21 | CVE-2008-0870 | Link Following vulnerability in multiple products BEA WebLogic Portal 10.0 and 9.2 through Maintenance Pack 2, under certain circumstances, can redirect a user from the https:// URI for the Portal Administration Console to an http URI, which allows remote attackers to sniff the session. | 7.5 |