Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2004-2696

BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, when using Remote Method Invocation (RMI) over Internet Inter-ORB Protocol (IIOP), does not properly handle when multiple logins for different users coming from the same client, which could cause an "unexpected user identity" to be used in an RMI call.

Published

2004-12-31T05:00:00.000

Last Modified

2025-04-03T01:03:51.193

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 5.5 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:P/I:P/A:N

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: SINGLE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: NONE
Exploitability Score

8.0

Impact Score

4.9

Weaknesses
  • Type: Primary
    CWE-255
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application bea weblogic_server 6.1 Yes
Application bea weblogic_server 6.1 Yes
Application bea weblogic_server 6.1 Yes
Application bea weblogic_server 6.1 Yes
Application bea weblogic_server 6.1 Yes
Application bea weblogic_server 6.1 Yes
Application bea weblogic_server 6.1 Yes
Application bea weblogic_server 6.1 Yes
Application bea weblogic_server 6.1 Yes
Application bea weblogic_server 6.1 Yes
Application bea weblogic_server 6.1 Yes
Application bea weblogic_server 6.1 Yes
Application bea weblogic_server 6.1 Yes
Application bea weblogic_server 6.1 Yes
Application bea weblogic_server 6.1 Yes
Application bea weblogic_server 6.1 Yes
Application bea weblogic_server 6.1 Yes
Application bea weblogic_server 6.1 Yes
Application bea weblogic_server 6.1 Yes
Application bea weblogic_server 6.1 Yes
Application bea weblogic_server 6.1 Yes
Application bea weblogic_server 7.0 Yes
Application bea weblogic_server 7.0 Yes
Application bea weblogic_server 7.0 Yes
Application bea weblogic_server 7.0 Yes
Application bea weblogic_server 7.0 Yes
Application bea weblogic_server 7.0 Yes
Application bea weblogic_server 7.0 Yes
Application bea weblogic_server 7.0 Yes
Application bea weblogic_server 7.0 Yes
Application bea weblogic_server 7.0 Yes
Application bea weblogic_server 7.0 Yes
Application bea weblogic_server 7.0 Yes
Application bea weblogic_server 7.0 Yes
Application bea weblogic_server 7.0 Yes
Application bea weblogic_server 7.0 Yes
Application bea weblogic_server 7.0 Yes
Application bea weblogic_server 7.0 Yes
Application bea weblogic_server 7.0 Yes
Application bea weblogic_server 7.0.0.1 Yes
Application bea weblogic_server 7.0.0.1 Yes
Application bea weblogic_server 7.0.0.1 Yes
Application bea weblogic_server 7.0.0.1 Yes
Application bea weblogic_server 7.0.0.1 Yes
Application bea weblogic_server 7.0.0.1 Yes
Application bea weblogic_server 7.0.0.1 Yes
Application bea weblogic_server 7.0.0.1 Yes
Application bea weblogic_server 7.0.0.1 Yes
Application bea weblogic_server 7.0.0.1 Yes
Application bea weblogic_server 7.0.0.1 Yes
Application bea weblogic_server 7.0.0.1 Yes
Application bea weblogic_server 7.0.0.1 Yes
Application bea weblogic_server 8.1 Yes
Application bea weblogic_server 8.1 Yes
Application bea weblogic_server 8.1 Yes
Application bea weblogic_server 8.1 Yes
Application bea weblogic_server 8.1 Yes
Application bea weblogic_server 8.1 Yes
Application bea weblogic_server 8.1 Yes
Application bea weblogic_server 8.1 Yes
Application bea weblogic_server 8.1 Yes
References