Metric | Value |
---|---|
AI Score | 7 High |
AI Score Confidence | Low |
CVSS2 | 7.1 High |
Access Vector | NETWORK |
Access Complexity | HIGH |
Authentication | SINGLE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |
CVSS2 Vector | AV:N/AC:H/Au:S/C:C/I:C/A:C |
EPSS | 0.001 Low |
EPSS Percentile | 46.9% |

The Administration Console in BEA WebLogic Express and WebLogic Server 9.0 and 9.1 does not properly enforce certain Domain Security Policies, which allows remote administrative users in the Deployer role to upload arbitrary files.
CPE | Name | Operator | Version |
---|---|---|---|
bea:weblogic_server | bea weblogic server | eq | 9.0 |
bea:weblogic_server | bea weblogic server | eq | 9.1 |
dev2dev.bea.com/pub/advisory/231
osvdb.org/36069
packetstormsecurity.com/files/153072/Oracle-Application-Testing-Suite-WebLogic-Server-Administration-Console-War-Deployment.html
secunia.com/advisories/25284
securitytracker.com/id?1018057
www.vupen.com/english/advisories/2007/1815
exchange.xforce.ibmcloud.com/vulnerabilities/34289