Vulnerability Description
By design, BEA WebLogic Server and WebLogic Express 7.0 and 6.1, when creating multiple domains from the same WebLogic instance on the same machine, allows administrators of any created domain to access other created domains, which could allow administrators to gain privileges that were not intended.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bea | Weblogic Server | 6.1 |
References
- http://dev2dev.bea.com/pub/advisory/165PatchVendor Advisory
- http://secunia.com/advisories/18581PatchVendor Advisory
- http://securitytracker.com/id?1015528Patch
- http://www.securityfocus.com/bid/16358
- http://www.vupen.com/english/advisories/2006/0313
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24286
- http://dev2dev.bea.com/pub/advisory/165PatchVendor Advisory
- http://secunia.com/advisories/18581PatchVendor Advisory
- http://securitytracker.com/id?1015528Patch
- http://www.securityfocus.com/bid/16358
- http://www.vupen.com/english/advisories/2006/0313
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24286
FAQ
What is CVE-2006-0421?
CVE-2006-0421 is a vulnerability with a CVSS score of 4.6 (MEDIUM). By design, BEA WebLogic Server and WebLogic Express 7.0 and 6.1, when creating multiple domains from the same WebLogic instance on the same machine, allows administrators of any created domain to acce...
How severe is CVE-2006-0421?
CVE-2006-0421 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-0421?
Check the references section above for vendor advisories and patch information. Affected products include: Bea Weblogic Server.