CVE-2004-0470Weblogic Server vulnerability

3 documents3 sources
Severity
7.5HIGHNVD
EPSS
1.9%
top 16.78%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
BEA Weblogic Server
Timeline
PublishedJul 7
Latest updateApr 29

Description

BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1 through SP2, when editing weblogic.xml using WebLogic Builder or the SecurityRoleAssignmentMBean.toXML method, inadvertently removes security-role-assignment tags when weblogic.xml does not have a principal-name tag, which can remove intended access restrictions for the associated web application.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

NVDbea/weblogic_server7.0, 8.1+1

Patches

Patch: dev2dev.bea.comPatch: dev2dev.bea.com

🔴Vulnerability Details

2
GHSA
GHSA-3vcj-6338-x74x: BEA WebLogic Server and WebLogic Express 72022-04-29
CVEList
CVE-2004-0470: BEA WebLogic Server and WebLogic Express 72004-05-20
CVE-2004-0470 — BEA Weblogic Server vulnerability | cvebase