CVE-2008-0897Weblogic Server vulnerability

CWE-2643 documents3 sources
Severity
7.9HIGHNVD
EPSS
0.2%
top 59.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
BEA Weblogic Server
Timeline
PublishedFeb 22
Latest updateMay 1

Description

Unspecified vulnerability in BEA WebLogic Server 9.0 through 10.0 allows remote authenticated users without "receive" permissions to bypass intended access restrictions and receive messages from a standalone JMS Topic or secured Distributed Topic member destination, related to durable subscriptions.

CVSS vector

AV:N/AC:M/C:C/I:C/A:NExploitability: 6.8 | Impact: 9.2

Affected Packages1 packages

NVDbea/weblogic_server4 versions+3

Patches

Patch: dev2dev.bea.comPatch: dev2dev.bea.com

🔴Vulnerability Details

2
GHSA
GHSA-2qr7-7g7g-79mr: Unspecified vulnerability in BEA WebLogic Server 92022-05-01
CVEList
CVE-2008-0897: Unspecified vulnerability in BEA WebLogic Server 92008-02-22
CVE-2008-0897 — BEA Weblogic Server vulnerability | cvebase