PT-2001-2567 · Oracle · Bea Tuxedo

Publicado

2001-12-31

Atualizado

2017-07-11

CVE-2001-1477

CVSS v2.0

4.6

Média

Vetor

AV:L/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions BEA Tuxedo version 7.1

Description The issue concerns the Domain gateway in BEA Tuxedo, which fails to perform authorization checks for imported services and qspaces on remote domains, even when an Access Control List (ACL) is in place. This allows users to access services in a remote domain without proper authorization.

Recommendations For BEA Tuxedo version 7.1, consider implementing additional authorization checks for imported services and qspaces on remote domains to restrict unauthorized access until a patch is available.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2001-1477

Produtos afetados

Bea Tuxedo

PT-2001-2567 · Oracle · Bea Tuxedo

CVE-2001-1477

Identificadores relacionados

Produtos afetados

Referências · 3