PT-2006-1488 · Bea · Oracle Weblogic Server+1

Published

2006-01-25

Updated

2017-07-20

CVE-2006-0421

CVSS v2.0

4.6

Medium

Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions BEA WebLogic Server and WebLogic Express versions 6.1 and 7.0

Description The issue allows administrators of any created domain to access other created domains when multiple domains are created from the same WebLogic instance on the same machine, potentially granting unintended privileges.

Recommendations For versions 6.1 and 7.0, consider restricting access to domains and implementing strict access controls to minimize the risk of unauthorized domain access.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-0421

Affected Products

Weblogic Express

Oracle Weblogic Server

PT-2006-1488 · Bea · Oracle Weblogic Server+1

CVE-2006-0421

Related Identifiers

Affected Products

References · 8