CVE-2004-0715Weblogic Server vulnerability

3 documents3 sources
Severity
5.1MEDIUMNVD
EPSS
1.7%
top 17.65%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
BEA Weblogic Server
Timeline
PublishedJul 27
Latest updateApr 29

Description

The WebLogic Authentication provider for BEA WebLogic Server and WebLogic Express 8.1 through SP2 and 7.0 through SP4 does not properly clear member relationships when a group is deleted, which can cause a new group with the same name to have the members of the old group, which allows group members to gain privileges.

CVSS vector

AV:N/AC:H/C:P/I:P/A:PExploitability: 4.9 | Impact: 6.4

Affected Packages1 packages

NVDbea/weblogic_server7.0, 8.1+1

Patches

Patch: www.securityfocus.comPatch: www.securityfocus.com

🔴Vulnerability Details

2
GHSA
GHSA-m585-h5rv-5jf5: The WebLogic Authentication provider for BEA WebLogic Server and WebLogic Express 82022-04-29
CVEList
CVE-2004-0715: The WebLogic Authentication provider for BEA WebLogic Server and WebLogic Express 82004-07-21
CVE-2004-0715 — BEA Weblogic Server vulnerability | cvebase