CVE-2006-0421

Опубликовано: 25 янв. 2006

Источник: nvd

CVSS2: 4.6

EPSS Низкий

Описание

By design, BEA WebLogic Server and WebLogic Express 7.0 and 6.1, when creating multiple domains from the same WebLogic instance on the same machine, allows administrators of any created domain to access other created domains, which could allow administrators to gain privileges that were not intended.

Ссылки

http://dev2dev.bea.com/pub/advisory/165
Patch
Vendor Advisory
http://secunia.com/advisories/18581
Patch
Vendor Advisory
http://securitytracker.com/id?1015528
Patch
http://www.securityfocus.com/bid/16358
http://www.vupen.com/english/advisories/2006/0313
https://exchange.xforce.ibmcloud.com/vulnerabilities/24286
http://dev2dev.bea.com/pub/advisory/165
Patch
Vendor Advisory
http://secunia.com/advisories/18581
Patch
Vendor Advisory
http://securitytracker.com/id?1015528
Patch
http://www.securityfocus.com/bid/16358
http://www.vupen.com/english/advisories/2006/0313
https://exchange.xforce.ibmcloud.com/vulnerabilities/24286

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:bea:weblogic_server:6.1:*:*:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:6.1:*:express:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:7.0:*:*:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:7.0:*:express:*:*:*:*:*

EPSS

Процентиль: 26%

0.00093

Низкий

4.6 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-4w2c-mfgm-ff7r

github

почти 4 года назад