Vulnerability Description
The Domain gateway in BEA Tuxedo 7.1 does not perform authorization checks for imported services and qspaces on remote domains, even when an ACL exists, which allows users to access services in a remote domain.
CVSS Score
4.6
MEDIUM
AV:L/AC:L/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bea | Tuxedo | 7.1 |
References
- http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA00-08.jspPatch
- https://exchange.xforce.ibmcloud.com/vulnerabilities/6326
- http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA00-08.jspPatch
- https://exchange.xforce.ibmcloud.com/vulnerabilities/6326
FAQ
What is CVE-2001-1477?
CVE-2001-1477 is a vulnerability with a CVSS score of 4.6 (MEDIUM). The Domain gateway in BEA Tuxedo 7.1 does not perform authorization checks for imported services and qspaces on remote domains, even when an ACL exists, which allows users to access services in a remo...
How severe is CVE-2001-1477?
CVE-2001-1477 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2001-1477?
Check the references section above for vendor advisories and patch information. Affected products include: Bea Tuxedo.