BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 SP5 and earlier, do not properly validate derived Principals with multiple PrincipalValidators, which might allow attackers to gain privileges.
2005-12-31T05:00:00.000
2025-04-03T01:03:51.193
Deferred
CVSSv2: 7.5 (HIGH)
AV:N/AC:L/Au:N/C:P/I:P/A:P
10.0
6.4
Type | Vendor | Product | Version/Range | Vulnerable? |
---|---|---|---|---|
Application | bea | weblogic_server | 7.0 | Yes |
Application | bea | weblogic_server | 7.0 | Yes |
Application | bea | weblogic_server | 7.0 | Yes |
Application | bea | weblogic_server | 7.0 | Yes |
Application | bea | weblogic_server | 7.0 | Yes |
Application | bea | weblogic_server | 7.0 | Yes |
Application | bea | weblogic_server | 7.0 | Yes |
Application | bea | weblogic_server | 7.0 | Yes |
Application | bea | weblogic_server | 7.0 | Yes |
Application | bea | weblogic_server | 7.0 | Yes |
Application | bea | weblogic_server | 7.0 | Yes |
Application | bea | weblogic_server | 7.0 | Yes |
Application | bea | weblogic_server | 8.1 | Yes |
Application | bea | weblogic_server | 8.1 | Yes |
Application | bea | weblogic_server | 8.1 | Yes |
Application | bea | weblogic_server | 8.1 | Yes |
Application | bea | weblogic_server | 8.1 | Yes |
Application | bea | weblogic_server | 8.1 | Yes |
Application | bea | weblogic_server | 8.1 | Yes |
Application | bea | weblogic_server | 8.1 | Yes |
Application | bea | weblogic_server | 8.1 | Yes |
Application | bea | weblogic_server | 8.1 | Yes |