HIGH✓ PATCH🇬🇧 English

CVE-2008-0897

CVSS 7.9v2.0pub. 2008-02-22upd. 2026-04-23

Unspecified vulnerability in BEA WebLogic Server 9.0 through 10.0 allows remote authenticated users without "receive" permissions to bypass intended access restrictions and receive messages from a standalone JMS Topic or secured Distributed Topic member destination, related to durable subscriptions.

oryginał EN
CVSS Vector
AV:N/AC:M/Au:S/C:C/I:C/A:N
  • Bea Weblogic Server

    APP
    Bea
    10.09.09.19.2
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
CWE
Referencje

Powiązane podatności

CVE-2005-1744CRITICAL9.8ten sam produkt

BEA WebLogic Server and WebLogic Express 7.0 through Service Pack 5 does not log out users when an application...

CVE-2008-3257HIGH10.0ten sam produkt

Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic ...

CVE-2008-0901HIGH7.1ten sam produkt

BEA WebLogic Server and Express 7.0 through 10.0 allows remote attackers to conduct brute force password guess...

CVE-2007-4617HIGH7.8ten sam produkt

Unspecified vulnerability in BEA WebLogic Server 6.1 Gold through SP7, 7.0 Gold through SP7, and 8.1 Gold thro...

CVE-2007-4614HIGH7.5ten sam produkt

BEA WebLogic Server 9.1 does not properly handle propagation of an admin server's security policy change log t...