Описание
BEA WebLogic Server and WebLogic Express 7.0 through Service Pack 5 does not log out users when an application is redeployed, which allows those users to continue to access the application without having to log in again, which may be in violation of newly changed security constraints or role mappings.
Ссылки
- Product
- Broken LinkVendor Advisory
- Broken LinkThird Party AdvisoryVDB Entry
- Broken LinkThird Party AdvisoryVDB Entry
- Broken Link
- Product
- Broken LinkVendor Advisory
- Broken LinkThird Party AdvisoryVDB Entry
- Broken LinkThird Party AdvisoryVDB Entry
- Broken Link
Уязвимые конфигурации
Конфигурация 1Версия до 7.0 (включая)
cpe:2.3:a:bea:weblogic_server:*:*:*:*:*:*:*:*
EPSS
Процентиль: 72%
0.00725
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-459
Связанные уязвимости
CVSS3: 9.8
github
почти 4 года назад
BEA WebLogic Server and WebLogic Express 7.0 through Service Pack 5 does not log out users when an application is redeployed, which allows those users to continue to access the application without having to log in again, which may be in violation of newly changed security constraints or role mappings.
EPSS
Процентиль: 72%
0.00725
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-459