HIGH✓ PATCH🇬🇧 English

CVE-2007-4614

CVSS 7.5v2.0pub. 2007-08-31upd. 2026-04-23

BEA WebLogic Server 9.1 does not properly handle propagation of an admin server's security policy change log to temporarily unavailable managed servers, which might allow attackers to bypass intended restrictions, a different vulnerability than CVE-2007-0426.

oryginał EN
CVSS Vector
AV:N/AC:L/Au:N/C:P/I:P/A:P
  • Bea Weblogic Server

    APP
    Bea
    9.1
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
CWE
Referencje

Powiązane podatności

CVE-2005-1744CRITICAL9.8ten sam produkt

BEA WebLogic Server and WebLogic Express 7.0 through Service Pack 5 does not log out users when an application...

CVE-2008-3257HIGH10.0ten sam produkt

Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic ...

CVE-2008-0901HIGH7.1ten sam produkt

BEA WebLogic Server and Express 7.0 through 10.0 allows remote attackers to conduct brute force password guess...

CVE-2008-0897HIGH7.9ten sam produkt

Unspecified vulnerability in BEA WebLogic Server 9.0 through 10.0 allows remote authenticated users without "r...

CVE-2007-4618HIGH7.8ten sam produkt

Unspecified vulnerability in BEA WebLogic Server 6.1 Gold through SP7 and 7.0 Gold through SP7 allows remote a...