Vulnerability Name: CVE-2008-5461 (CCN-48003)
Assigned: 2008-12-11
Published: 2009-01-13
Updated: 2012-10-23
Summary: Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0, and SP7 allows remote attackers to affect confidentiality, integrity, and availability, related to WLS. Note: the previous information was obtained from the January 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is cross-site scripting.
Per: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2009.html "Follow the link for each of the CVE numbers to obtain download, installation and other information pertaining to the corresponding vulnerability fix:" https://support.bea.com/application_content/product_portlets/securityadvisories/2811.html
CVSS v3 Severity: 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVSS v2 Severity: 6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Vulnerability Type: CWE-200 CWE-264
Vulnerability Consequences: Gain Access
References:
Source: MITRE Type: CNA CVE-2008-5461
Source: CCN Type: JVN#93431860 Oracle WebLogic Server vulnerable to cross-site scripting
Source: JVN Type: UNKNOWN JVN#93431860
Source: CCN Type: SA33526 Oracle BEA WebLogic Server Multiple Vulnerabilities
Source: SECUNIA Type: Vendor Advisory 33526
Source: CCN Type: SECTRACK ID: 1021571 WebLogic Bugs Let Remote Users Execute Arbitrary Code, Access and Modify Information, and Deny Service
Source: CCN Type: Oracle Critical Patch Update Advisory - January 2009 Oracle Critical Patch Update Advisory - January 2009
Source: CONFIRM Type: UNKNOWN http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html
Source: CCN Type: OSVDB ID: 51314 Oracle BEA WebLogic Server / Express Console Unspecified Privilege Escalation
Source: BID Type: UNKNOWN 33177
Source: CCN Type: BID-33177 Oracle January 2009 Critical Patch Update Multiple Vulnerabilities
Source: SECTRACK Type: UNKNOWN 1021571
Source: VUPEN Type: Vendor Advisory ADV-2009-0115
Source: XF Type: UNKNOWN oracle-weblogic-server-wls-xss(48003)
Source: CCN Type: Oracle SECURITY ADVISORY (CVE-2008-5461) Elevation of privilege vulnerability in WebLogic Console
Vulnerable Configuration: Configuration 1: Configuration CCN 1: