BEA portal product springs a leak Organizations using a popular portal server made by BEA Systems may be interested to learn that researchers have figured out a simple way for unauthenticated users to obtain every user name stored on their systems. The user name leak resides in an advanced search function in the BEA Plumtree Portal 6.0, according to this …
On Monday ProCheckUp.com published three vulnerabilities they discovered in BEA's Plumtree Portal (AKA: AquaLogic Integrator), One of those vulnerabilities is discussed in this article.
As a rule, BEA considers the security of its products to be of the greatest importance. BEA tries to respond quickly and efficiently to any threat to the secureness of our customers' installations that is associated our products. Hence, in response to the publication of the vulnerabilities by ProCheckUp.com, BEA released three advisories today. These advisories, numbers 179, 180, and 181, can be found at http://dev2dev.bea.com/advisoriesnotifications/ and contain remedies for the problems identified by ProCheckUp.com.
That same web page also has information about BEA's advisory policy, how to report vulnerabilities in BEA products to BEA, and other vulnerability-related material.
Neil Smithline
Corporate Security Architect
BEA Systems
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
