Vulnerability Details CVE-2004-0715
The WebLogic Authentication provider for BEA WebLogic Server and WebLogic Express 8.1 through SP2 and 7.0 through SP4 does not properly clear member relationships when a group is deleted, which can cause a new group with the same name to have the members of the old group, which allows group members to gain privileges.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.02
EPSS Ranking 82.8%
CVSS Severity
CVSS v2 Score 5.1
References
- http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_52.01.jsp
- http://secunia.com/advisories/11356
- http://securitytracker.com/id?1009763
- http://www.kb.cert.org/vuls/id/470470
- http://www.osvdb.org/5299
- http://www.securityfocus.com/bid/10130
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15861
- http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_52.01.jsp
- http://secunia.com/advisories/11356
- http://securitytracker.com/id?1009763
- http://www.kb.cert.org/vuls/id/470470
- http://www.osvdb.org/5299
- http://www.securityfocus.com/bid/10130
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15861
Products affected by CVE-2004-0715
-
cpe:2.3:a:bea:weblogic_server:7.0
-
cpe:2.3:a:bea:weblogic_server:8.1