cbcvebase.
CVE-2004-0470
published 2004-07-07

CVE-2004-0470: BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1 through SP2, when editing weblogic.xml using WebLogic Builder or the…

PriorityP425high7.5CVSS 2.0
AVNACLAuNCPIPAP
EPSS
2.69%
84.0th percentile
BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1 through SP2, when editing weblogic.xml using WebLogic Builder or the SecurityRoleAssignmentMBean.toXML method, inadvertently removes security-role-assignment tags when weblogic.xml does not have a principal-name tag, which can remove intended access restrictions for the associated web application.

Affected

2 ranges
VendorProductVersion rangeFixed in
beaweblogic_server
beaweblogic_server
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.