📦

aqualogic_interaction

Vendor: bea

Actively Exploited 0 CISA KEV List

PoC / Exploits 1 Code Available

Total RCEs 0 Remote Access

Total CVEs 2 Total Indexed

Avg. EPSS 1.95% Exploit Prob.

Latest CVE CVE-2008-0904 Feb 22

Security Vulnerability Index

Page 1 / 1

7.8 CVSS

CVE-2008-0904

Unspecified vulnerability in the download servlet in BEA Plumtree Collaboration 4.1 through SP2 and AquaLogic Interaction 4.2 through MP1 allows remote attackers to read arbitrary files via a crafted URL.

EPSS: 0.41%

Severity: HIGH

Feb 22, 2008

4.3 CVSS

CVE-2008-0867

Cross-site scripting (XSS) vulnerability in portal/server.pt in BEA AquaLogic Interaction 6.1 through MP1 and Plumtree Foundation 6.0 through SP1 allows remote attackers to inject arbitrary web script or HTML via the name parameter.

EPSS: 0.51%

Severity: MEDIUM

Feb 21, 2008

5.0 CVSS

CVE-2007-6197

The Plumtree portal in BEA AquaLogic Interaction 5.0.2 through 5.0.4 and 6.0.1.218452 allows remote attackers to obtain version numbers and internal hostnames by reading comments in the HTML source of any page.

EPSS: 0.60%

Severity: MEDIUM

Dec 01, 2007

5.0 CVSS

CVE-2007-6198

Exploit Found

portal/server.pt in the Plumtree portal in BEA AquaLogic Interaction 5.0.2 through 5.0.4 and 6.0.1.218452 allows wildcards in advanced searches for usernames, which allows remote attackers to enumerate valid usernames via the in_tx_fulltext parameter.

EPSS: 6.30%

Severity: MEDIUM

Dec 01, 2007

Displaying 4 of 2 Total Entries

Total 1 Sections