CVE-2004-0715
WebLogic Server/Express <8.1.SP2 & 7.0.SP4 - Privilege Escalation
Title source: llmDescription
The WebLogic Authentication provider for BEA WebLogic Server and WebLogic Express 8.1 through SP2 and 7.0 through SP4 does not properly clear member relationships when a group is deleted, which can cause a new group with the same name to have the members of the old group, which allows group members to gain privileges.
References (7)
Core 7
Core References
Various Sources x_refsource_confirm
http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_52.01.jsp
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/5299
Third Party Advisory, US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/470470
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1009763
Patch, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/10130
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/11356
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/15861
Scores
EPSS
0.0171
EPSS Percentile
82.6%
Details
Status
published
Products (2)
bea/weblogic_server
7.0 (15 CPE variants)
bea/weblogic_server
8.1 (9 CPE variants)
Published
Jul 27, 2004
Tracked Since
Feb 18, 2026