CVE-2008-0898Weblogic Server vulnerability

CWE-2643 documents3 sources
Severity
5.8MEDIUMNVD
EPSS
0.2%
top 54.45%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
BEA Weblogic Server
Timeline
PublishedFeb 22
Latest updateMay 1

Description

The distributed queue feature in JMS in BEA WebLogic Server 9.0 through 10.0, in certain configurations, does not properly handle when a client cannot send a message to a member of a distributed queue, which allows remote authenticated users to bypass intended access restrictions for protected distributed queues.

CVSS vector

AV:N/AC:M/C:P/I:P/A:NExploitability: 8.6 | Impact: 4.9

Affected Packages1 packages

NVDbea/weblogic_server4 versions+3

Patches

Patch: dev2dev.bea.comPatch: dev2dev.bea.com

🔴Vulnerability Details

2
GHSA
GHSA-54xh-jmx9-967x: The distributed queue feature in JMS in BEA WebLogic Server 92022-05-01
CVEList
CVE-2008-0898: The distributed queue feature in JMS in BEA WebLogic Server 92008-02-22
CVE-2008-0898 — BEA Weblogic Server vulnerability | cvebase