← Back

CVE-2008-5461

nvd nist
Published: Jan 14, 2009Modified: Apr 23, 2026

JSON object

Loading...
6.8
Vector
AV:N/AC:M/Au:N/C:P/I:P/A:P
Exploitability: 8.6 / Impact: 6.4
Source: NVD

Description

Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0, and SP7 allows remote attackers to affect confidentiality, integrity, and availability, related to WLS. NOTE: the previous information was obtained from the January 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is cross-site scripting.

Affected (7)

Oracle
1 product
Bea Product Suite
Configuration A
7 vulnerable
Vulnerable SoftwareAffected Versions
Oracle
Bea Product Suite
Version 10.0 mp1
Bea Product Suite
Version 10.3
Bea Product Suite
Version 7.0 sp7
Bea Product Suite
Version 8.1 sp6
Bea Product Suite
Version 9.0
Bea Product Suite
Version 9.1
Bea Product Suite
Version 9.2 mp3

Related CWEs

CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CWE-264
CWE-264

References (12)

Source: secalert_us@oracle.com
Source: secalert_us@oracle.com
Vendor Advisory
Source: secalert_us@oracle.com
Source: secalert_us@oracle.com
Source: secalert_us@oracle.com
Source: secalert_us@oracle.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.