BEA WebLogic Server and WebLogic Express 7.0 through Service Pack 5 does not log out users when an application is redeployed, which allows those users to continue to access the application without having to log in again, which may be in violation of newly changed security constraints or role mappings.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HBea Weblogic Server
APPBea≤ 7.0
Powiązane podatności
Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic ...
BEA WebLogic Server and Express 7.0 through 10.0 allows remote attackers to conduct brute force password guess...
Unspecified vulnerability in BEA WebLogic Server 9.0 through 10.0 allows remote authenticated users without "r...
Unspecified vulnerability in BEA WebLogic Server 6.1 Gold through SP7 and 7.0 Gold through SP7 allows remote a...
BEA WebLogic Server 9.1 does not properly handle propagation of an admin server's security policy change log t...