CVE-2003-1438 — Race Condition in Weblogic Server

CWE-362 — Race Condition3 documents3 sources

Severity

4.3MEDIUMNVD

EPSS

0.3%

top 51.23%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

BEA Weblogic Server

Timeline

PublishedDec 31

Latest updateApr 29

Description

Race condition in BEA WebLogic Server and Express 5.1 through 7.0.0.1, when using in-memory session replication or replicated stateful session beans, causes the same buffer to be provided to two users, which could allow one user to see session data that was intended for another user.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDbea/weblogic_server5 versions+4

Patches

Patch: dev.bea.com ↗Patch: dev.bea.com ↗

🔴Vulnerability Details

GHSA

GHSA-544j-365h-qj92: Race condition in BEA WebLogic Server and Express 5↗2022-04-29

▶

CVEList

CVE-2003-1438: Race condition in BEA WebLogic Server and Express 5↗2007-10-23

▶