PT-2006-1488 · BEA · Oracle WebLogic Server+1
Published: 2006-01-25 · Updated: 2017-07-20 · CVE-2006-0421
CVSS v2.0: 4.6 (Medium)
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
BEA WebLogic Server and WebLogic Express versions 6.1 and 7.0
Description
The issue allows administrators of any created domain to access other created domains when multiple domains are created from the same WebLogic instance on the same machine, potentially granting unintended privileges.
Recommendations
For versions 6.1 and 7.0, consider restricting access to domains and implementing strict access controls to minimize the risk of unauthorized domain access.
Fix
Related identifiers
Affected products
WebLogic Express
Oracle WebLogic Server