7.5

CVE-2004-0470

EPSS 2.33%
Veröffentlicht 07.07.2004 04:00:00
Zuletzt bearbeitet 03.04.2025 01:03:51
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1 through SP2, when editing weblogic.xml using WebLogic Builder or the SecurityRoleAssignmentMBean.toXML method, inadvertently removes security-role-assignment tags when weblogic.xml does not have a principal-name tag, which can remove intended access restrictions for the associated web application.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 10

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Bea ≫ Weblogic Server Version7.0

Bea ≫ Weblogic Server Version7.0 Editionexpress

Bea ≫ Weblogic Server Version8.1

Bea ≫ Weblogic Server Version8.1 Editionexpress

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	2.33%	0.833

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_59.00.jsp

Patch

Vendor Advisory

http://secunia.com/advisories/11593

http://securitytracker.com/id?1010128

http://www.kb.cert.org/vuls/id/950070

Third Party Advisory

US Government Resource

http://www.osvdb.org/6076

http://www.securityfocus.com/bid/10328

https://exchange.xforce.ibmcloud.com/vulnerabilities/16123

https://nvd.nist.gov/vuln/detail/CVE-2004-0470

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2004-0470

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2004-0470

EUVD