CVE-2002-2141

BEA WebLogic Server & Express 7.0-7.0.0.1 - Privilege Escalation

Description

BEA WebLogic Server and Express 7.0 and 7.0.0.1, when running Servlets and Enterprise JavaBeans (EJB) on more than one server, will remove the security constraints and roles on all servers for any Servlets or EJB that are used by an application that is undeployed on one server, which could allow remote attackers to conduct unauthorized activities in violation of the intended restrictions.

References (3)

Core References
Third Party Advisory vdb-entry x_refsource_xf
http://www.iss.net/security_center/static/10291.php
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/5846
Vendor Advisory vendor-advisory x_refsource_bea
http://dev2dev.bea.com/pub/advisory/39

Scores

EPSS 0.0072
EPSS Percentile 72.7%

Details

Status published
Products (2)
bea/weblogic_server 7.0 (2 CPE variants)
bea/weblogic_server 7.0.0.1 (2 CPE variants)
Published Dec 31, 2002
Tracked Since Feb 18, 2026