CVE-2007-2699Weblogic Server vulnerability

3 documents3 sources
Severity
7.1HIGHNVD
EPSS
1.3%
top 19.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
BEA Weblogic Server
Timeline
PublishedMay 16
Latest updateMay 1

Description

The Administration Console in BEA WebLogic Express and WebLogic Server 9.0 and 9.1 does not properly enforce certain Domain Security Policies, which allows remote administrative users in the Deployer role to upload arbitrary files.

CVSS vector

AV:N/AC:H/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages1 packages

NVDbea/weblogic_server9.0, 9.1+1

Patches

Patch: dev2dev.bea.comPatch: securitytracker.comPatch: dev2dev.bea.com

🔴Vulnerability Details

2
GHSA
GHSA-m77f-h2h6-5qw4: The Administration Console in BEA WebLogic Express and WebLogic Server 92022-05-01
CVEList
CVE-2007-2699: The Administration Console in BEA WebLogic Express and WebLogic Server 92007-05-16
CVE-2007-2699 — BEA Weblogic Server vulnerability | cvebase