Vulnerability Description
The WebLogic Authentication provider for BEA WebLogic Server and WebLogic Express 8.1 through SP2 and 7.0 through SP4 does not properly clear member relationships when a group is deleted, which can cause a new group with the same name to have the members of the old group, which allows group members to gain privileges.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bea | Weblogic Server | 7.0 |
References
- http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_52.01.jsp
- http://secunia.com/advisories/11356
- http://securitytracker.com/id?1009763
- http://www.kb.cert.org/vuls/id/470470Third Party AdvisoryUS Government Resource
- http://www.osvdb.org/5299
- http://www.securityfocus.com/bid/10130PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15861
- http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_52.01.jsp
- http://secunia.com/advisories/11356
- http://securitytracker.com/id?1009763
- http://www.kb.cert.org/vuls/id/470470Third Party AdvisoryUS Government Resource
- http://www.osvdb.org/5299
- http://www.securityfocus.com/bid/10130PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15861
FAQ
What is CVE-2004-0715?
CVE-2004-0715 is a vulnerability with a CVSS score of 5.1 (MEDIUM). The WebLogic Authentication provider for BEA WebLogic Server and WebLogic Express 8.1 through SP2 and 7.0 through SP4 does not properly clear member relationships when a group is deleted, which can ca...
How severe is CVE-2004-0715?
CVE-2004-0715 has been rated MEDIUM with a CVSS base score of 5.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-0715?
Check the references section above for vendor advisories and patch information. Affected products include: Bea Weblogic Server.