{"type": "osvdb", "published": "2006-01-24T11:43:22", "href": "https://vulners.com/osvdb/OSVDB:22773", "bulletinFamily": "software", "cvss": {"vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/", "score": 2.1}, "viewCount": 0, "edition": 1, "reporter": "OSVDB", "title": "BEA WebLogic Security Provider Activiation Weakness", "affectedSoftware": [{"operator": "eq", "version": "9.0", "name": "WebLogic Server"}], "enchantments": {"score": {"value": 5.7, "vector": "NONE", "modified": "2017-04-28T13:20:19", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2006-0429"]}], "modified": "2017-04-28T13:20:19", "rev": 2}, "vulnersScore": 5.7}, "references": [], "id": "OSVDB:22773", "lastseen": "2017-04-28T13:20:19", "cvelist": ["CVE-2006-0429"], "modified": "2006-01-24T11:43:22", "description": "## Vulnerability Description\nBEA WebLogic contains a flaw that may lead to an administrator believing that a new security provider has been activated even though it is not active yet. This is because WebLogic does not activate a security provider before the system is rebooted. This may lead to a loss of integrity.\n## Solution Description\nCurrently, there are no known workarounds or upgrades to correct this issue. However, the vendor has released a patch to address this vulnerability.\n## Short Description\nBEA WebLogic contains a flaw that may lead to an administrator believing that a new security provider has been activated even though it is not active yet. This is because WebLogic does not activate a security provider before the system is rebooted. This may lead to a loss of integrity.\n## References:\n[Vendor Specific Advisory URL](http://dev2dev.bea.com/pub/advisory/173)\nSecurity Tracker: 1015528\n[Secunia Advisory ID:18592](https://secuniaresearch.flexerasoftware.com/advisories/18592/)\nKeyword: BEA06-116.00\nISS X-Force ID: 24298\nFrSIRT Advisory: ADV-2006-0313\n[CVE-2006-0429](https://vulners.com/cve/CVE-2006-0429)\nBugtraq ID: 16358\n"}

{"cve": [{"lastseen": "2020-10-03T11:48:12", "description": "BEA WebLogic Server and WebLogic Express 9.0 causes new security providers to appear active even if they have not been activated by a server reboot, which could cause an administrator to perform inappropriate, security-relevant actions.", "edition": 3, "cvss3": {}, "published": "2006-01-25T23:07:00", "title": "CVE-2006-0429", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-0429"], "modified": "2017-07-20T01:29:00", "cpe": ["cpe:/a:bea:weblogic_server:9.0"], "id": "CVE-2006-0429", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-0429", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:bea:weblogic_server:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:bea:weblogic_server:9.0:*:express:*:*:*:*:*"]}]}