CVE-2006-0421
BEA WebLogic Server/Express <7.0-6.1 - Privilege Escalation
Title source: llmDescription
By design, BEA WebLogic Server and WebLogic Express 7.0 and 6.1, when creating multiple domains from the same WebLogic instance on the same machine, allows administrators of any created domain to access other created domains, which could allow administrators to gain privileges that were not intended.
References (6)
Core 6
Core References
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2006/0313
Patch, Vendor Advisory vendor-advisory
x_refsource_bea
http://dev2dev.bea.com/pub/advisory/165
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/24286
Patch vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1015528
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/18581
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/16358
Scores
EPSS
0.0009
EPSS Percentile
25.8%
Details
Status
published
Products (2)
bea/weblogic_server
6.1 (2 CPE variants)
bea/weblogic_server
7.0 (2 CPE variants)
Published
Jan 25, 2006
Tracked Since
Feb 18, 2026