CVE-2008-5461
CVSS V2 Medium 6.8
CVSS V3 None
Description
Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0, and SP7 allows remote attackers to affect confidentiality, integrity, and availability, related to WLS. NOTE: the previous information was obtained from the January 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is cross-site scripting.
Overview
- CVE ID
- CVE-2008-5461
- Assigner
- secalert_us@oracle.com
- Vulnerability Status
- Modified
- Published Version
- 2009-01-14T02:30:00
- Last Modified Date
- 2012-10-23T02:56:49
Weakness Enumerations
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| cpe:2.3:a:oracle:bea_product_suite:7.0:sp7:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:oracle:bea_product_suite:8.1:sp6:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:oracle:bea_product_suite:9.0:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:oracle:bea_product_suite:9.1:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:oracle:bea_product_suite:9.2:mp3:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:oracle:bea_product_suite:10.0:mp1:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:oracle:bea_product_suite:10.3:*:*:*:*:*:*:* | 1 | OR |
CVSS Version 2
- Version
- 2.0
- Vector String
- AV:N/AC:M/Au:N/C:P/I:P/A:P
- Access Vector
- NETWORK
- Access Compatibility
- MEDIUM
- Authentication
- NONE
- Confidentiality Impact
- PARTIAL
- Integrity Impact
- PARTIAL
- Availability Impact
- PARTIAL
- Base Score
- 6.8
- Severity
- MEDIUM
- Exploitability Score
- 8.6
- Impact Score
- 6.4
References
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2008-5461 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5461 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2022-05-10 10:50:05 | Added to TrackCVE |