CVE-2007-4614

BEA WebLogic Server 9.1 - Auth Bypass

Title source: llm

Description

BEA WebLogic Server 9.1 does not properly handle propagation of an admin server's security policy change log to temporarily unavailable managed servers, which might allow attackers to bypass intended restrictions, a different vulnerability than CVE-2007-0426.

Scores

EPSS 0.0037
EPSS Percentile 58.1%

Classification

CWE CWE-264
Status draft

Affected Products (1)

bea/weblogic_server

Timeline

Published Aug 31, 2007
Tracked Since Feb 18, 2026