Unrated severityNVD Advisory· Published Feb 22, 2008· Updated Apr 23, 2026

CVE-2008-0904

Description

Unspecified vulnerability in the download servlet in BEA Plumtree Collaboration 4.1 through SP2 and AquaLogic Interaction 4.2 through MP1 allows remote attackers to read arbitrary files via a crafted URL.

Affected products

Bea/Aqualogic Interaction2 versions
cpe:2.3:a:bea_systems:aqualogic_interaction:4.2:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:bea_systems:aqualogic_interaction:4.2:*:*:*:*:*:*:*
- cpe:2.3:a:bea_systems:aqualogic_interaction:4.2_mp1:*:*:*:*:*:*:*
Bea/Plumtree Collaboration3 versions
cpe:2.3:a:bea_systems:plumtree_collaboration:4.1:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:bea_systems:plumtree_collaboration:4.1:*:*:*:*:*:*:*
- cpe:2.3:a:bea_systems:plumtree_collaboration:4.1_sp1:*:*:*:*:*:*:*
- cpe:2.3:a:bea_systems:plumtree_collaboration:4.1_sp2:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000