BEA AquaLogicに情報が見えてしまう脆弱性が存在するそうです。

Adrian Pastor and Jan Fry have reported some weaknesses in BEA AquaLogic Interaction, which can be exploited by malicious people to disclose sensitive information.
1) Input passed to the "in_tx_fulltext" parameter in portal/server.pt is not properly sanitised when performing a search. This can be exploited to enumerate valid usernames in the Plumtree portal.
2) The Plumtree portal includes the hostname of the server in an HTML comment within every page.
The weaknesses are reported in version 6.0. Other versions may also be affected