BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 SP6 and earlier, in certain βheavy usageβ scenarios, report incorrect severity levels for an audit event, which might allow attackers to perform unauthorized actions and avoid detection.