7.5

CVE-2004-0470

EPSS 2.33%
Published 07.07.2004 04:00:00
Last modified 03.04.2025 01:03:51
Source cve@mitre.org
Teams watchlist Login
Open Login

BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1 through SP2, when editing weblogic.xml using WebLogic Builder or the SecurityRoleAssignmentMBean.toXML method, inadvertently removes security-role-assignment tags when weblogic.xml does not have a principal-name tag, which can remove intended access restrictions for the associated web application.

Affected products Warnungen 0 Metrics 2 CWE 0 References 10

Data is provided by the National Vulnerability Database (NVD)

Bea ≫ Weblogic Server Version7.0

Bea ≫ Weblogic Server Version7.0 Editionexpress

Bea ≫ Weblogic Server Version8.1

Bea ≫ Weblogic Server Version8.1 Editionexpress

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	2.33%	0.833

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_59.00.jsp

Patch

Vendor Advisory

http://secunia.com/advisories/11593

http://securitytracker.com/id?1010128

http://www.kb.cert.org/vuls/id/950070

Third Party Advisory

US Government Resource

http://www.osvdb.org/6076

http://www.securityfocus.com/bid/10328

https://exchange.xforce.ibmcloud.com/vulnerabilities/16123

https://nvd.nist.gov/vuln/detail/CVE-2004-0470

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2004-0470

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2004-0470

EUVD