CVE Vulnerabilities

CVE-2004-0715

Published: Jul 27, 2004 | Modified: Jul 11, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5.1 MEDIUM
AV:N/AC:H/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

The WebLogic Authentication provider for BEA WebLogic Server and WebLogic Express 8.1 through SP2 and 7.0 through SP4 does not properly clear member relationships when a group is deleted, which can cause a new group with the same name to have the members of the old group, which allows group members to gain privileges.

Affected Software

Name Vendor Start Version End Version
Weblogic_server Bea 7.0 7.0
Weblogic_server Bea 7.0 7.0
Weblogic_server Bea 7.0 7.0
Weblogic_server Bea 7.0 7.0
Weblogic_server Bea 7.0 7.0
Weblogic_server Bea 7.0 7.0
Weblogic_server Bea 7.0 7.0
Weblogic_server Bea 7.0 7.0
Weblogic_server Bea 7.0 7.0
Weblogic_server Bea 7.0 7.0
Weblogic_server Bea 7.0 7.0
Weblogic_server Bea 7.0 7.0
Weblogic_server Bea 7.0 7.0
Weblogic_server Bea 7.0 7.0
Weblogic_server Bea 7.0 7.0
Weblogic_server Bea 8.1 8.1
Weblogic_server Bea 8.1 8.1
Weblogic_server Bea 8.1 8.1
Weblogic_server Bea 8.1 8.1
Weblogic_server Bea 8.1 8.1
Weblogic_server Bea 8.1 8.1
Weblogic_server Bea 8.1 8.1
Weblogic_server Bea 8.1 8.1
Weblogic_server Bea 8.1 8.1

References