Description
The JMS Message Bridge in BEA WebLogic Server 7.0 through SP7 and 8.1 through Service Pack 6, when configured without a username and password, or when the connection URL is not defined, allows remote attackers to bypass the security access policy and "send unauthorized messages to a protected queue."
References (6)
Core 6
Core References
Patch, Vendor Advisory vendor-advisory
x_refsource_bea
http://dev2dev.bea.com/pub/advisory/234
Patch vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1018057
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/25284
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/34287
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/1815
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/36067
Scores
EPSS
0.0058
EPSS Percentile
69.1%
Details
Status
published
Products (2)
bea/weblogic_server
7.0 (8 CPE variants)
bea/weblogic_server
8.1 (6 CPE variants)
Published
May 16, 2007
Tracked Since
Feb 18, 2026