Description
BEA WebLogic Server 9.1 does not properly handle propagation of an admin server's security policy change log to temporarily unavailable managed servers, which might allow attackers to bypass intended restrictions, a different vulnerability than CVE-2007-0426.
References (3)
Core References
http://www.securityfocus.com/bid/22082 (Patch; vdb-entry; x_refsource_bid)
http://osvdb.org/45839 (Third Party Advisory, VDB Entry; vdb-entry; x_refsource_osvdb)
http://dev2dev.bea.com/pub/advisory/216 (Patch; vendor-advisory; x_refsource_bea)
Scores
EPSS: 0.0051
EPSS Percentile: 66.7%
Details
CWE: CWE-264
Status: published
Products (1): bea/weblogic_server 9.1
Published: Aug 31, 2007
Tracked Since: Feb 18, 2026