CVE-2007-2701: Weblogic Server vulnerability

3 documents, 3 sources

Severity: 4.6 MEDIUM (NVD)
EPSS: 0.6% (top 31.11%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: May 16
Latest update: May 1

Description

The JMS Message Bridge in BEA WebLogic Server 7.0 through SP7 and 8.1 through Service Pack 6, when configured without a username and password, or when the connection URL is not defined, allows remote attackers to bypass the security access policy and "send unauthorized messages to a protected queue."

CVSS vector

AV:N/AC:H/C:P/I:P/A:P
Exploitability: 3.9 | Impact: 6.4

Affected Packages (1 package)

NVD: bea/weblogic_server 7.0, 8.1 (+1)

Patches

Vulnerability Details (2)

GHSA
GHSA-8f4j-6g66-v4jj: The JMS Message Bridge in BEA WebLogic Server 7 (2022-05-01)
CVEList
CVE-2007-2701: The JMS Message Bridge in BEA WebLogic Server 7 (2007-05-16)
CVE-2007-2701 — BEA Weblogic Server vulnerability | cvebase