Описание
BEA WebLogic Server 8.1 through 8.1 SP5 does not properly enforce access control after a dynamic update and dynamic redeployment of an application that is implemented through exploded jars, which allows attackers to bypass intended access restrictions.
Ссылки
- PatchVendor Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 8.1 (включая)
Одно из
cpe:2.3:a:bea:weblogic_server:*:sp5:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:8.1:*:*:*:*:*:*:*
EPSS
Процентиль: 66%
0.00511
Низкий
5 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
BEA WebLogic Server 8.1 through 8.1 SP5 does not properly enforce access control after a dynamic update and dynamic redeployment of an application that is implemented through exploded jars, which allows attackers to bypass intended access restrictions.
EPSS
Процентиль: 66%
0.00511
Низкий
5 Medium
CVSS2
Дефекты
NVD-CWE-Other