CVE-2008-5461

BEA Product Suite - Info Disclosure

Title source: llm
STIX 2.1

Description

Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0, and SP7 allows remote attackers to affect confidentiality, integrity, and availability, related to WLS. NOTE: the previous information was obtained from the January 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is cross-site scripting.

References (6)

Core 6
Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/33526
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/0115
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1021571
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/33177
Third Party Advisory third-party-advisory x_refsource_jvn
http://jvn.jp/en/jp/JVN93431860/index.html

Scores

EPSS 0.0143
EPSS Percentile 69.9%

Details

CWE
CWE-200 CWE-264
Status published
Products (7)
oracle/bea_product_suite 7.0 sp7
oracle/bea_product_suite 8.1 sp6
oracle/bea_product_suite 9.0
oracle/bea_product_suite 9.1
oracle/bea_product_suite 9.2 mp3
oracle/bea_product_suite 10.0 mp1
oracle/bea_product_suite 10.3
Published Jan 14, 2009
Tracked Since Feb 18, 2026