Описание
The Administration Console in BEA WebLogic Express and WebLogic Server 9.0 and 9.1 does not properly enforce certain Domain Security Policies, which allows remote administrative users in the Deployer role to upload arbitrary files.
Ссылки
- PatchVendor Advisory
- Vendor Advisory
- Patch
- PatchVendor Advisory
- Vendor Advisory
- Patch
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:bea:weblogic_server:9.0:*:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:9.0:*:express:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:9.1:*:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:9.1:*:express:*:*:*:*:*
EPSS
Процентиль: 80%
0.01337
Низкий
7.1 High
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
The Administration Console in BEA WebLogic Express and WebLogic Server 9.0 and 9.1 does not properly enforce certain Domain Security Policies, which allows remote administrative users in the Deployer role to upload arbitrary files.
EPSS
Процентиль: 80%
0.01337
Низкий
7.1 High
CVSS2
Дефекты
NVD-CWE-Other