Description
BEA WebLogic Server 7.0 through 7.0 SP7, 8.1 through 8.1 SP5, 9.0, and 9.1, when using the WebLogic Server 6.1 compatibility realm, allows attackers to execute certain EJB container persistence operations with an administrative identity.
References (6)
Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/38511
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1017525
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/23750
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/22082
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/0213
Patch, Vendor Advisory vendor-advisory
x_refsource_bea
http://dev2dev.bea.com/pub/advisory/211
Scores
EPSS
0.0094
EPSS Percentile
76.5%
Details
Status
published
Products (5)
bea/weblogic_server
7.0
bea/weblogic_server
8.1 (2 CPE variants)
bea/weblogic_server
9.0
bea/weblogic_server
9.1
bea/weblogic_server
< 7.0
Published
Jan 23, 2007
Tracked Since
Feb 18, 2026