CVE-2004-0713Weblogic Server vulnerability

3 documents3 sources
Severity
6.4MEDIUMNVD
EPSS
0.5%
top 33.88%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
BEA Weblogic Server
Timeline
PublishedJul 27
Latest updateApr 29

Description

The remove method in a stateful Enterprise JavaBean (EJB) in BEA WebLogic Server and WebLogic Express version 8.1 through SP2, 7.0 through SP4, and 6.1 through SP6, does not properly check EJB permissions before unexporting a bean, which allows remote authenticated users to remove EJB objects from remote views before the security exception is thrown.

CVSS vector

AV:N/AC:L/C:N/I:P/A:PExploitability: 10.0 | Impact: 4.9

Affected Packages1 packages

NVDbea/weblogic_server6.1, 7.0, 8.1+2

Patches

Patch: www.securityfocus.comPatch: www.securityfocus.com

🔴Vulnerability Details

2
GHSA
GHSA-g6j2-65vq-9gg9: The remove method in a stateful Enterprise JavaBean (EJB) in BEA WebLogic Server and WebLogic Express version 82022-04-29
CVEList
CVE-2004-0713: The remove method in a stateful Enterprise JavaBean (EJB) in BEA WebLogic Server and WebLogic Express version 82004-07-21
CVE-2004-0713 — BEA Weblogic Server vulnerability | cvebase