5.1

CVE-2004-0715

The WebLogic Authentication provider for BEA WebLogic Server and WebLogic Express 8.1 through SP2 and 7.0 through SP4 does not properly clear member relationships when a group is deleted, which can cause a new group with the same name to have the members of the old group, which allows group members to gain privileges.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
BeaWeblogic Server Version7.0
BeaWeblogic Server Version7.0 Editionexpress
BeaWeblogic Server Version7.0 Editionwin32
BeaWeblogic Server Version7.0 Updatesp1
BeaWeblogic Server Version7.0 Updatesp1 Editionexpress
BeaWeblogic Server Version7.0 Updatesp1 Editionwin32
BeaWeblogic Server Version7.0 Updatesp2
BeaWeblogic Server Version7.0 Updatesp2 Editionexpress
BeaWeblogic Server Version7.0 Updatesp2 Editionwin32
BeaWeblogic Server Version7.0 Updatesp3
BeaWeblogic Server Version7.0 Updatesp3 Editionexpress
BeaWeblogic Server Version7.0 Updatesp3 Editionwin32
BeaWeblogic Server Version7.0 Updatesp4
BeaWeblogic Server Version7.0 Updatesp4 Editionexpress
BeaWeblogic Server Version7.0 Updatesp4 Editionwin32
BeaWeblogic Server Version8.1
BeaWeblogic Server Version8.1 Editionexpress
BeaWeblogic Server Version8.1 Editionwin32
BeaWeblogic Server Version8.1 Updatesp1
BeaWeblogic Server Version8.1 Updatesp1 Editionexpress
BeaWeblogic Server Version8.1 Updatesp1 Editionwin32
BeaWeblogic Server Version8.1 Updatesp2
BeaWeblogic Server Version8.1 Updatesp2 Editionexpress
BeaWeblogic Server Version8.1 Updatesp2 Editionwin32
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.1% 0.833
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.1 4.9 6.4
AV:N/AC:H/Au:N/C:P/I:P/A:P
http://www.kb.cert.org/vuls/id/470470
Third Party Advisory
US Government Resource