Inadequate Role Entitlement Management in BEA WebLogic Portal
CVE-2007-0423

Currently unrated

Key Information:

Vendor: Oracle
Status: Weblogic Portal
Vendor: CVE Published:; 23 January 2007

What is CVE-2007-0423?

BEA WebLogic Portal 9.2 exhibits a flaw in its handling of role entitlements, where the removal of entitlements for a specific role can unintentionally influence other role entitlements. This mismanagement can lead to unforeseen security risks and access issues, potentially compromising the integrity of user permissions.

References

http://osvdb.org/32857

vdb-entryx_refsource_OSVDB

http://secunia.com/advisories/23750

third-party-advisoryx_refsource_SECUNIA

http://www.securityfocus.com/bid/22082

vdb-entryx_refsource_BID

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 23, 2007
Vulnerability Reserved
Jan 22, 2007

Oracle

What is CVE-2007-0423?

References

Timeline