Vulnerability Details CVE-2006-0421
By design, BEA WebLogic Server and WebLogic Express 7.0 and 6.1, when creating multiple domains from the same WebLogic instance on the same machine, allows administrators of any created domain to access other created domains, which could allow administrators to gain privileges that were not intended.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 29.4%
CVSS Severity
CVSS v2 Score 4.6
References
- http://dev2dev.bea.com/pub/advisory/165
- http://secunia.com/advisories/18581
- http://securitytracker.com/id?1015528
- http://www.securityfocus.com/bid/16358
- http://www.vupen.com/english/advisories/2006/0313
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24286
- http://dev2dev.bea.com/pub/advisory/165
- http://secunia.com/advisories/18581
- http://securitytracker.com/id?1015528
- http://www.securityfocus.com/bid/16358
- http://www.vupen.com/english/advisories/2006/0313
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24286
Products affected by CVE-2006-0421
-
cpe:2.3:a:bea:weblogic_server:6.1
-
cpe:2.3:a:bea:weblogic_server:7.0