CVE-2007-0417

Name of the Vulnerable Software and Affected Versions BEA WebLogic Server versions 7.0 through 7.0 SP7 BEA WebLogic Server versions 8.1 through 8.1 SP5 BEA WebLogic Server version 9.0 BEA WebLogic Server version 9.1

Description The issue allows attackers to execute certain EJB container persistence operations with an administrative identity when using the WebLogic Server 6.1 compatibility realm.

Recommendations For BEA WebLogic Server versions 7.0 through 7.0 SP7, consider disabling the WebLogic Server 6.1 compatibility realm until a patch is available. For BEA WebLogic Server versions 8.1 through 8.1 SP5, consider disabling the WebLogic Server 6.1 compatibility realm until a patch is available. For BEA WebLogic Server version 9.0, consider disabling the WebLogic Server 6.1 compatibility realm until a patch is available. For BEA WebLogic Server version 9.1, consider disabling the WebLogic Server 6.1 compatibility realm until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.