PT-2004-1795 · Bea · Bea Weblogic Express+1

Published: 2004-07-21 · Updated: 2017-07-11 · CVE-2004-0715

CVSS v2.0: 5.1 (Medium)

Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

BEA WebLogic Server versions 7.0 through SP4
BEA WebLogic Server versions 8.1 through SP2
BEA WebLogic Express versions 7.0 through SP4
BEA WebLogic Express versions 8.1 through SP2

Description

The issue arises from the WebLogic Authentication provider not properly clearing member relationships when a group is deleted. This can lead to a new group with the same name inheriting the members of the old group, potentially allowing group members to gain privileges.

Recommendations

For BEA WebLogic Server versions 7.0 through SP4, update the authentication provider to properly handle group deletions.
For BEA WebLogic Server versions 8.1 through SP2, update the authentication provider to properly handle group deletions.
For BEA WebLogic Express versions 7.0 through SP4, update the authentication provider to properly handle group deletions.
For BEA WebLogic Express versions 8.1 through SP2, update the authentication provider to properly handle group deletions.


Related identifiers

CVE-2004-0715

Affected products

Bea Weblogic Express
Bea Weblogic Server