HIGH✓ PATCH🇵🇱 Wersja polska

CVE-2007-4614

CVSS 7.5v2.0pub. 2007-08-31upd. 2026-04-23

BEA WebLogic Server 9.1 does not properly handle propagation of an admin server's security policy change log to temporarily unavailable managed servers, which might allow attackers to bypass intended restrictions, a different vulnerability than CVE-2007-0426.

CVSS Vector
AV:N/AC:L/Au:N/C:P/I:P/A:P
  • Bea Weblogic Server

    APP
    Bea
    9.1
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References

Related vulnerabilities

CVE-2005-1744CRITICAL9.8ten sam produkt

BEA WebLogic Server and WebLogic Express 7.0 through Service Pack 5 does not log out users when an application...

CVE-2008-3257HIGH10.0ten sam produkt

Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic ...

CVE-2008-0901HIGH7.1ten sam produkt

BEA WebLogic Server and Express 7.0 through 10.0 allows remote attackers to conduct brute force password guess...

CVE-2008-0897HIGH7.9ten sam produkt

Unspecified vulnerability in BEA WebLogic Server 9.0 through 10.0 allows remote authenticated users without "r...

CVE-2007-4618HIGH7.8ten sam produkt

Unspecified vulnerability in BEA WebLogic Server 6.1 Gold through SP7 and 7.0 Gold through SP7 allows remote a...