CVE-2008-5461: Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0, and SP7 allows remote...

Description

Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0, and SP7 allows remote attackers to affect confidentiality, integrity, and availability, related to WLS. NOTE: the previous information was obtained from the January 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is cross-site scripting.

Metrics

EPSS Probability

1.43%

69.7th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions	Update
Oracle	Bea Product Suite	7.0	Sp7
Oracle	Bea Product Suite	8.1	Sp6
Oracle	Bea Product Suite	9.0	—
Oracle	Bea Product Suite	9.1	—
Oracle	Bea Product Suite	9.2	Mp3
Oracle	Bea Product Suite	10.0	Mp1
Oracle	Bea Product Suite	10.3	—

References

Timeline

Published: Jan 14, 2009
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2008-5461?

Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0, and SP7 allows remote attackers to affect confidentiality, integrity, and availability, related to WLS. NOTE: the previous information was obtained from the January 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is cross-site scripting.

How severe is CVE-2008-5461?

Severity scoring for CVE-2008-5461 is pending analysis. The EPSS model estimates a 1.43% probability of exploitation in the next 30 days.

How do I fix CVE-2008-5461?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.