CVE-2008-0897

Name of the Vulnerable Software and Affected Versions BEA WebLogic Server versions 9.0 through 10.0

Description The issue allows remote authenticated users without "receive" permissions to bypass intended access restrictions and receive messages from a standalone JMS Topic or secured Distributed Topic member destination, related to durable subscriptions.

Recommendations For BEA WebLogic Server versions 9.0 through 10.0, consider restricting access to JMS Topic or secured Distributed Topic member destinations to prevent unauthorized message reception. As a temporary workaround, review and adjust permissions to ensure only authorized users have "receive" permissions.