Vulnerability Details CVE-2004-2696
BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, when using Remote Method Invocation (RMI) over Internet Inter-ORB Protocol (IIOP), does not properly handle when multiple logins for different users coming from the same client, which could cause an "unexpected user identity" to be used in an RMI call.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 66.5%
CVSS Severity
CVSS v2 Score 5.5
References
- http://dev2dev.bea.com/pub/advisory/59
- http://secunia.com/advisories/11865
- http://securitytracker.com/id?1010493
- http://www.osvdb.org/7081
- http://www.securityfocus.com/bid/10545
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16421
- http://dev2dev.bea.com/pub/advisory/59
- http://secunia.com/advisories/11865
- http://securitytracker.com/id?1010493
- http://www.osvdb.org/7081
- http://www.securityfocus.com/bid/10545
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16421
Products affected by CVE-2004-2696
-
cpe:2.3:a:bea:weblogic_server:6.1
-
cpe:2.3:a:bea:weblogic_server:7.0
-
cpe:2.3:a:bea:weblogic_server:7.0.0.1
-
cpe:2.3:a:bea:weblogic_server:8.1