Описание
The WebLogic Authentication provider for BEA WebLogic Server and WebLogic Express 8.1 through SP2 and 7.0 through SP4 does not properly clear member relationships when a group is deleted, which can cause a new group with the same name to have the members of the old group, which allows group members to gain privileges.
The WebLogic Authentication provider for BEA WebLogic Server and WebLogic Express 8.1 through SP2 and 7.0 through SP4 does not properly clear member relationships when a group is deleted, which can cause a new group with the same name to have the members of the old group, which allows group members to gain privileges.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2004-0715
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15861
- http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_52.01.jsp
- http://secunia.com/advisories/11356
- http://securitytracker.com/id?1009763
- http://www.kb.cert.org/vuls/id/470470
- http://www.osvdb.org/5299
- http://www.securityfocus.com/bid/10130
EPSS
CVE ID
Связанные уязвимости
The WebLogic Authentication provider for BEA WebLogic Server and WebLogic Express 8.1 through SP2 and 7.0 through SP4 does not properly clear member relationships when a group is deleted, which can cause a new group with the same name to have the members of the old group, which allows group members to gain privileges.
EPSS