Vulnerabilities > CVE-2006-0421 - Multiple vulnerability in BEA WebLogic

CVSS 4.6 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

local

low complexity

bea

NVD

Published: 2006-01-25

Updated: 2017-07-20

Summary

By design, BEA WebLogic Server and WebLogic Express 7.0 and 6.1, when creating multiple domains from the same WebLogic instance on the same machine, allows administrators of any created domain to access other created domains, which could allow administrators to gain privileges that were not intended.

Vulnerable Configurations

Part	Description	Count
Application	Bea BEA Weblogic Server 6.1 BEA Weblogic Server 7.0	4

References

http://dev2dev.bea.com/pub/advisory/165
http://secunia.com/advisories/18581
http://securitytracker.com/id?1015528
http://www.securityfocus.com/bid/16358
http://www.vupen.com/english/advisories/2006/0313
https://exchange.xforce.ibmcloud.com/vulnerabilities/24286