Session Management Vulnerability in BEA WebLogic Portal by BEA Systems
CVE-2006-1358

Currently unrated

Key Information:

Vendor: Oracle
Status: Weblogic Portal
Vendor: CVE Published:; 22 March 2006

What is CVE-2006-1358?

A session management vulnerability exists in BEA WebLogic Portal versions up to SP5, which allows a JSR-168 Portlet to be improperly cached. This flaw can result in one user being able to see the Portlet data of another user, leading to potential unauthorized access to sensitive information. Addressing this issue is crucial to safeguard user data and maintain the integrity of web applications powered by BEA WebLogic.

References

http://www.vupen.com/english/advisories/2006/1022

vdb-entryx_refsource_VUPEN

ftp://ftpna.beasys.com/pub/releases/security/patch_CR2595...

x_refsource_MISC

http://dev2dev.bea.com/pub/advisory/182

vendor-advisoryx_refsource_BEA

Timeline

Vulnerability published
Mar 22, 2006
Vulnerability Reserved
Mar 21, 2006

Oracle

What is CVE-2006-1358?

References

Timeline