| Date | Number | Title | Type | Threat* | Severity** | CVSS Rating*** | Products Affected**** |
|---|---|---|---|---|---|---|---|
| 2008/2/19 | BEA08-183.00 | Security policies on a WebLogic Portal Page can inadvertently be lost by an administrator performing certain editing operations on that page | advisory | Low | Medium | 2.1 (Low) | WLP 8.1 (SP3-SP6) |
| 2008/2/19 | BEA08-184.00 | An entitlement on an instance of a floatable portlet can be bypassed | advisory | Low | Medium | 4.3 (Medium) | WLP 8.1 (-SP6) |
| 2008/2/19 | BEA08-185.00 | Cross-site scripting (XSS) vulnerabilities in Web applications using WebLogic Workshop NetUI page flows | advisory | High | High | 7.6 (High) | WLW 8.1 (-SP5) |
| 2008/2/19 | BEA08-186.00 | BEA Plumtree Portal cross site scripting (XSS) vulnerability | advisory | Medium | Medium | 5 (Medium) | BEA AquaLogic Interaction 6.1 (-MP1); BEA Plumtree Foundation 6.0 (-SP1) |
| 2008/2/19 | BEA08-187.00 | Web Service WSDL and policy is exposed to unauthenticated HTTP clients | advisory | Medium | Low | 2.6 (Low) | WLS 9.1; WLS 9.0 |
| 2008/2/19 | BEA08-188.00 | JavaScript can be injected into the WLP Groupspace application and can allow for an XSS exploit | advisory | Medium | Medium | 4.0 (Low) | WLP 10.0; WLP 9.2 (-MP1) |
| 2008/2/19 | BEA08-110.01 | Cleartext database password in the config.xml file | advisory | Low | Medium | | WLP 8.1 (-SP3); WLP 7.0 (SP4 - SP7) |
| 2008/2/19 | BEA08-189.00 | Cross-site scripting (XSS) vulnerabilities in Web applications using either WebLogic Workshop NetUI or Apache Beehive NetUI page flows | advisory | High | High | 6.8 (Medium) | WLW 10.0; WLW 9.2 (-MP1); WLW 9.1; WLW 9.0; WLW 8.1 (-SP6) |
| 2008/2/19 | BEA08-190.00 | A WebLogic Portal Administration Console session can inadvertently redirect from https port to an http port | advisory | Medium | High | 8.8 (High) | WLP 10.0; WLP 9.2 (-MP2) |
| 2008/2/19 | BEA08-191.00 | Tampering HTML request headers could lead to an elevation of privileges | advisory | High | Medium | 6.4 (Medium) | WLS 10.0; WLS 9.2 (-MP1); WLS 9.1; WLS 9.0; WLS 8.1 (-SP6); WLS 7.0 (-SP7); WLS 6.1 (-SP7) |
| 2008/2/19 | BEA08-192.00 | When content portlets are deleted from one of the portal’s pages, all entitlements are removed for the application | advisory | Low | Medium | 3.6 (Low) | WLP 10.0; WLP 9.2 (-MP1) |
| 2008/2/19 | BEA08-193.00 | Non-authorized user may be able to receive messages from a secured JMS Topic destination | advisory | Medium | High | 8.3 (High) | WLS 10; WLS 9.2 (-MP1); WLS 9.1; WLS 9.0 |
| 2008/2/19 | BEA08-194.00 | A non-authorized user may be able to send messages to a protected distributed queue | advisory | Medium | High | 8.3 (High) | WLS 10; WLS 9.2 (-MP1); WLS 9.1; WLS 9.0 |
| 2008/2/19 | BEA08-195.00 | Cross-site scripting vulnerability in Console’s Unexpected Exception Page | advisory | Medium | High | 6.1 (Medium) | WLS 10.0; WLS 9.2 (-MP1); WLS 9.1; WLS 9.0 |
| 2008/2/19 | BEA08-196.00 | A session fixation exploit could result in elevated privileges | advisory | Low | High | 6.8 (High) | WLS 10.0; WLS 9.2 (-MP1); WLS 8.1 (SP4 - SP6) |
| 2008/2/19 | BEA08-197.00 | Account lockout can be bypassed, exposing the account to a brute-force password attack | advisory | Medium | Medium | 6.8 (Medium) | WLS 10.0 (-MP1); WLS 9.2 (-MP2); WLS 9.1; WLS 9.0; WLS 8.1 (-SP6); WLS 7.0 (-SP7) |
| 2008/2/19 | BEA08-198.00 | Multiple Security Vulnerabilities in Java Web Start and the Java Plug-in for browsers | advisory | Low | Medium | 2.4 (Low) | BEA JRockit R24: JRockit R24.3-1.4.2_04 to R24.5-1.4.2_08; BEA JRockit R25: JRockit R25.0-1.5.0 to R25.2-1.5.0_03 |
| 2008/2/19 | BEA08-80.04 | Patches available to prevent multiple cross-site scripting (XSS) vulnerabilities | advisory | High | High | | WLS 10.0 (-MP1); WLS 9.2 (-MP2); WLS 9.1; WLS 9.0; WLS 8.1 (-SP6); WLS 7.0 (-SP7); WLS 6.1 (-SP7) |
| 2008/2/19 | BEA08-159.01 | Requests served through WebLogic proxy servlets may acquire elevated privileges | advisory | Medium | High | 5.6 (Medium) | WLS 9.1; WLS 9.0; WLS 8.1 (-SP5); WLS 7.0 (-SP7); WLS 6.1 (-SP7) |
| 2008/2/19 | BEA08-199.00 | A carefully constructed URL may cause the Sun, IIS or Apache web-server to crash | advisory | High | High | 5.0 (Medium) | Plug-ins dated prior to November 2007 |
| 2008/2/19 | BEA08-200.00 | Server files can be accessed by a remote user | advisory | High | High | 7.8 (High) | BEA AquaLogic Collaboration 4.2; BEA Plumtree Collaboration 4.1 |