Authorization Bypass in BEA WebLogic Portal 9.2
CVE-2007-0426

Currently unrated

Key Information:

Vendor: Oracle

CVE Published: 23 January 2007

What is CVE-2007-0426?

BEA WebLogic Portal 9.2 in clustered environments may fail to correctly propagate entitlement policy modifications made on a managed server when the Administrative Server is offline. This flaw can potentially allow unauthorized users to circumvent established security restrictions, leading to unapproved access to functions or data that should be protected.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
