CVE-2008-0897

BEA WebLogic Server - Access Control

Description

Unspecified vulnerability in BEA WebLogic Server 9.0 through 10.0 allows remote authenticated users without "receive" permissions to bypass intended access restrictions and receive messages from a standalone JMS Topic or secured Distributed Topic member destination, related to durable subscriptions.

Scores

EPSS 0.0019
EPSS Percentile 40.0%

Classification

CWE
CWE-264
Status draft

Affected Products (5)

bea/weblogic_server
bea/weblogic_server
bea/weblogic_server
bea/weblogic_server
bea/weblogic_server

Timeline

Published Feb 22, 2008
Tracked Since Feb 18, 2026