| ID |
CVE-2006-0421
|
| Summary |
By design, BEA WebLogic Server and WebLogic Express 7.0 and 6.1, when creating multiple domains from the same WebLogic instance on the same machine, allows administrators of any created domain to access other created domains, which could allow administrators to gain privileges that were not intended. |
| References |
|
| Vulnerable Configurations |
-
cpe:2.3:a:bea:weblogic_server:6.1:*:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:6.1:*:*:*:*:*:*:*
-
cpe:2.3:a:bea:weblogic_server:6.1:*:express:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:6.1:*:express:*:*:*:*:*
-
cpe:2.3:a:bea:weblogic_server:7.0:*:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:7.0:*:*:*:*:*:*:*
-
cpe:2.3:a:bea:weblogic_server:7.0:*:express:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:7.0:*:express:*:*:*:*:*
|
| CVSS |
| Base: | 4.6 (as of 20-07-2017 - 01:29) |
| Impact: | |
| Exploitability: | |
|
| CWE |
NVD-CWE-Other |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| LOCAL |
LOW |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| PARTIAL |
PARTIAL |
PARTIAL |
|
| cvss-vector
via4
|
AV:L/AC:L/Au:N/C:P/I:P/A:P
|
| refmap
via4
|
| bea | BEA06-108.00 | | bid | 16358 | | sectrack | 1015528 | | secunia | 18581 | | vupen | ADV-2006-0313 | | xf | weblogic-cross-domain-management(24286) |
|
| Last major update |
20-07-2017 - 01:29 |
| Published |
25-01-2006 - 23:07 |
| Last modified |
20-07-2017 - 01:29 |
