Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2007-2696

The JMS Server in BEA WebLogic Server 6.1 through SP7, 7.0 through SP6, and 8.1 through SP5 enforces security access policies on the front end, which allows remote attackers to access protected queues via direct requests to the JMS back-end server.

Published

2007-05-16T01:19:00.000

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 6.8 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL
Exploitability Score

8.6

Impact Score

6.4

Weaknesses
  • Type: Primary
    NVD-CWE-Other
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application bea weblogic_server 6.1 Yes
Application bea weblogic_server 6.1 Yes
Application bea weblogic_server 6.1 Yes
Application bea weblogic_server 6.1 Yes
Application bea weblogic_server 6.1 Yes
Application bea weblogic_server 6.1 Yes
Application bea weblogic_server 6.1 Yes
Application bea weblogic_server 6.1 Yes
Application bea weblogic_server 7.0 Yes
Application bea weblogic_server 7.0 Yes
Application bea weblogic_server 7.0 Yes
Application bea weblogic_server 7.0 Yes
Application bea weblogic_server 7.0 Yes
Application bea weblogic_server 7.0 Yes
Application bea weblogic_server 7.0 Yes
Application bea weblogic_server 8.1 Yes
Application bea weblogic_server 8.1 Yes
Application bea weblogic_server 8.1 Yes
Application bea weblogic_server 8.1 Yes
Application bea weblogic_server 8.1 Yes
Application bea weblogic_server 8.1 Yes
References