CVE Vulnerabilities

CVE-2006-0421

Published: Jan 25, 2006 | Modified: Jul 20, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4.6 MEDIUM
AV:L/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

By design, BEA WebLogic Server and WebLogic Express 7.0 and 6.1, when creating multiple domains from the same WebLogic instance on the same machine, allows administrators of any created domain to access other created domains, which could allow administrators to gain privileges that were not intended.

Affected Software

Name Vendor Start Version End Version
Weblogic_server Bea 6.1 6.1
Weblogic_server Bea 7.0 7.0
Weblogic_server Bea 6.1 6.1
Weblogic_server Bea 7.0 7.0

References