VYPR

Aqualogic Interaction

by Bea

CVEs (4)

  • CVE-2007-6198Dec 1, 2007
    risk 0.04cvss epss 0.07

    portal/server.pt in the Plumtree portal in BEA AquaLogic Interaction 5.0.2 through 5.0.4 and 6.0.1.218452 allows wildcards in advanced searches for usernames, which allows remote attackers to enumerate valid usernames via the in_tx_fulltext parameter.

  • CVE-2008-0904Feb 22, 2008
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in the download servlet in BEA Plumtree Collaboration 4.1 through SP2 and AquaLogic Interaction 4.2 through MP1 allows remote attackers to read arbitrary files via a crafted URL.

  • CVE-2008-0867Feb 21, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in portal/server.pt in BEA AquaLogic Interaction 6.1 through MP1 and Plumtree Foundation 6.0 through SP1 allows remote attackers to inject arbitrary web script or HTML via the name parameter.

  • CVE-2007-6197Dec 1, 2007
    risk 0.00cvss epss 0.02

    The Plumtree portal in BEA AquaLogic Interaction 5.0.2 through 5.0.4 and 6.0.1.218452 allows remote attackers to obtain version numbers and internal hostnames by reading comments in the HTML source of any page.