Approved changes feed: RSS · Atom

cpe:2.3:a:bea_systems:weblogic_portal:10.0:*:*:*:*:*:*:*

part: a version: 10.0 update: *

VendorBea Systems (3896c7df-5770-5541-9221-c6057b3b825f)
ProductWeblogic Portal (28aa7f17-2075-5a4d-a1da-399f37f463d7)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2008-0896 vulnerable 2026-06-08 04:50:18.154056 Details available
BEA WebLogic Portal 10.0 and 9.2 through MP1, when an administrator deletes a single instance of a content portlet, removes entitlement policies for other content portlets, which allows attackers to bypass intended access restrictions.
Published: 2008-02-22T21:00:00.000Z
Updated: 2024-08-07T08:01:40.095Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2008-0870 vulnerable 2026-06-08 04:50:17.981668 Details available
BEA WebLogic Portal 10.0 and 9.2 through Maintenance Pack 2, under certain circumstances, can redirect a user from the https:// URI for the Portal Administration Console to an http URI, which allows remote attackers to sniff the session.
Published: 2008-02-21T01:00:00.000Z
Updated: 2024-08-07T08:01:40.034Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2008-0868 vulnerable 2026-06-08 04:50:17.975646 Details available
Cross-site scripting (XSS) vulnerability in Groupspace in BEA WebLogic Portal 10.0 and 9.2 through Maintenance Pack 1 allows remote authenticated users to inject arbitrary web script or HTML via unknown vectors.
Published: 2008-02-21T01:00:00.000Z
Updated: 2024-08-07T08:01:39.768Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.