CVE-2006-0421 — Weblogic Server vulnerability

3 documents3 sources

Severity

4.6MEDIUMNVD

EPSS

0.1%

top 74.00%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

BEA Weblogic Server

Timeline

PublishedJan 25

Latest updateMay 1

Description

By design, BEA WebLogic Server and WebLogic Express 7.0 and 6.1, when creating multiple domains from the same WebLogic instance on the same machine, allows administrators of any created domain to access other created domains, which could allow administrators to gain privileges that were not intended.

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages1 packages

▶NVDbea/weblogic_server6.1, 7.0+1

Patches

Patch: dev2dev.bea.com ↗Patch: secunia.com ↗Patch: securitytracker.com ↗

🔴Vulnerability Details

GHSA

GHSA-4w2c-mfgm-ff7r: By design, BEA WebLogic Server and WebLogic Express 7↗2022-05-01

▶

CVEList

CVE-2006-0421: By design, BEA WebLogic Server and WebLogic Express 7↗2006-01-25

▶