BEA WebLogic Server 7.0 through 7.0 SP6, 8.1 through 8.1 SP5, 9.0, and 9.1 does not enforce a security policy that declares permissions for EJB methods that have array parameters, which allows remote attackers to obtain unauthorized access to these methods.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Weblogic_server | Bea | * | 8.1 |
Weblogic_server | Bea | 8.1 | 8.1 |
Weblogic_server | Bea | 9.0 | 9.0 |
Weblogic_server | Bea | 7.0 | 7.0 |
Weblogic_server | Bea | 9.1 | 9.1 |
Weblogic_server | Bea | * | 7.0 |