7.5
CVE-2007-0416
- EPSS 1.6%
- Veröffentlicht 23.01.2007 00:28:00
- Zuletzt bearbeitet 16.06.2026 22:35:31
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
The WSEE runtime (WS-Security runtime) in BEA WebLogic Server 9.0 and 9.1 does not verify credentials when decrypting client messages, which allows remote attackers to bypass application security.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Bea ≫ Weblogic Server Version9.0
Bea ≫ Weblogic Server Version9.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.6% | 0.727 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
http://secunia.com/advisories/23750
http://www.securityfocus.com/bid/22082
http://www.vupen.com/english/advisories/2007/0213
http://securitytracker.com/id?1017525
http://dev2dev.bea.com/pub/advisory/210
http://osvdb.org/38510