BEA Plumtree Foundation search facility allows an unauthenticated guest user to search for user objects

これもAquaLogicの脆弱性情報ですね。Beaからアドバイザリが出ています。

problem was identified that could potentially cause a security vulnerability in certain versions of the BEA Plumtree Foundation and BEA AquaLogic Interaction. Simple configuration changes are available to correct this problem (see Section II). BEA Systems treats potential security problems with a high degree of urgency and endeavors to take appropriate steps to help ensure the security of our customers’ systems. As a result, BEA Systems strongly suggests the following actions:

screenshot