CVE-2007-6198

BEA AquaLogic Interaction <6.0.1.218452 - Info Disclosure

Title source: llm

Description

portal/server.pt in the Plumtree portal in BEA AquaLogic Interaction 5.0.2 through 5.0.4 and 6.0.1.218452 allows wildcards in advanced searches for usernames, which allows remote attackers to enumerate valid usernames via the in_tx_fulltext parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Adrian Pastor · textwebappsphp

https://www.exploit-db.com/exploits/30822

View Code ZIP pw:eip

References (6)

[Exploit] http://procheckup.com/Vulnerability_PR06-11.php

[Patch, Vendor Advisory] http://secunia.com/advisories/27840

[Exploit] http://www.securityfocus.com/bid/26620

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/484469/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1019004

[Third Party Advisory] http://www.vupen.com/english/advisories/2007/4040

Scores

EPSS 0.0630

EPSS Percentile 90.8%

Classification

Status draft

Affected Products (4)

bea/aqualogic_interaction

bea/aqualogic_interaction

bea/aqualogic_interaction

bea/aqualogic_interaction

Timeline

Published Dec 01, 2007

Tracked Since Feb 18, 2026