BEA WebLogic Active Directory LDAP Account Lockout Bypass
2004-09-13T00:00:00
ID: OSVDB:9977
Type: osvdb
Reporter: BEA Systems
Modified: 2004-09-13T00:00:00
Description
Vulnerability Description
WebLogic Server and WebLogic Express contain a flaw that may allow a malicious user to gain access using a disabled account. The issue is triggered when WebLogic Server/Express uses Active Directory LDAP for authentication. The flaw may allow unauthorized access, resulting in a loss of confidentiality and/or integrity.
Solution Description
Upgrade to version 8.1 SP3 or higher, as it has been reported to fix this vulnerability. Users of 7.0 should upgrade to Service Pack 5 and apply the vendor patch, as it has been reported to fix this vulnerability.
Affected Software
WebLogic Server and WebLogic Express, versions: 7.0, 7.0 SP1, 7.0 SP2, 7.0 SP3, 7.0 SP4, 7.0 SP5, 8.1, 8.1 SP1, 8.1 SP2
References
Vendor URL: http://www.bea.com/
Vendor Specific Advisory URL: http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04-72.00.jsp
Secunia Advisory ID: 12524 (https://secuniaresearch.flexerasoftware.com/advisories/12524/)
Related OSVDB ID: 9978 (https://vulners.com/osvdb/OSVDB:9978)
Related OSVDB ID: 9974 (https://vulners.com/osvdb/OSVDB:9974)
Related OSVDB ID: 9973 (https://vulners.com/osvdb/OSVDB:9973)
Related OSVDB ID: 9972 (https://vulners.com/osvdb/OSVDB:9972)
Related OSVDB ID: 9976 (https://vulners.com/osvdb/OSVDB:9976)
Related OSVDB ID: 9975 (https://vulners.com/osvdb/OSVDB:9975)
Keyword: BEA04-72.00
Record URL: https://vulners.com/osvdb/OSVDB:9977