portal/server.pt in the Plumtree portal in BEA AquaLogic Interaction 5.0.2 up to and including 5.0.4 and 6.0.1.218452 allows wildcards in advanced searches for usernames, which allows remote malicious users to enumerate valid usernames via the in_tx_fulltext parameter.
| Vulnerable Product |
|---|
| bea aqualogic interaction 5.0.4 |
| bea aqualogic interaction 6.0.1.218452 |
| bea aqualogic interaction 5.0.2 |
| bea aqualogic interaction 5.0.3 |