cbcvebase.
CVE-2007-0418
published 2007-01-23

CVE-2007-0418: BEA WebLogic Server 7.0 through 7.0 SP6, 8.1 through 8.1 SP5, 9.0, and 9.1 does not enforce a security policy that declares permissions for EJB methods that…

PriorityP431high7.5CVSS 2.0
AVNACLAuNCPIPAP
EPSS
1.61%
72.9th percentile
BEA WebLogic Server 7.0 through 7.0 SP6, 8.1 through 8.1 SP5, 9.0, and 9.1 does not enforce a security policy that declares permissions for EJB methods that have array parameters, which allows remote attackers to obtain unauthorized access to these methods.

Affected

6 ranges
VendorProductVersion rangeFixed in
beaweblogic_server<= 7.0
beaweblogic_server<= 8.1
beaweblogic_server
beaweblogic_server
beaweblogic_server
beaweblogic_server

CVSS provenance

nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_redhat1.2LOW
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.