CVE-2005-4752 — Weblogic Server vulnerability
3 documents3 sources
Severity
4.6MEDIUMNVD
EPSS
0.1%
top 77.24%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedDec 31
Latest updateMay 1
Description
BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 SP6 and earlier, might allow local users to gain privileges by using the run-as deployment descriptor element to change the privileges of a web application or EJB from the Deployer security role to the Admin security role.
CVSS vector
AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4