Lucene search

K
cve[email protected]CVE-2001-1477
HistoryDec 31, 2001 - 5:00 a.m.

CVE-2001-1477

2001-12-3105:00:00
NVD-CWE-Other
web.nvd.nist.gov
27
cve-2001-1477
bea tuxedo
authorization
access control
domain gateway
nvd

7.4 High

AI Score

Confidence

Low

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

10.9%

The Domain gateway in BEA Tuxedo 7.1 does not perform authorization checks for imported services and qspaces on remote domains, even when an ACL exists, which allows users to access services in a remote domain.

CPENameOperatorVersion
bea:tuxedobea tuxedoeq7.1

7.4 High

AI Score

Confidence

Low

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

10.9%