Vulnerabilities > CVE-2007-2696 - Remote Security vulnerability in BEA Weblogic Server 6.1/7.0/8.1

CVSS 6.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

bea

NVD

Published: 2007-05-16

Updated: 2017-07-29

Summary

The JMS Server in BEA WebLogic Server 6.1 through SP7, 7.0 through SP6, and 8.1 through SP5 enforces security access policies on the front end, which allows remote attackers to access protected queues via direct requests to the JMS back-end server.

Vulnerable Configurations

Part	Description	Count
Application	Bea BEA Weblogic Server 6.1 BEA Weblogic Server 7.0 BEA Weblogic Server 8.1	21

References

http://dev2dev.bea.com/pub/advisory/228
http://osvdb.org/36073
http://secunia.com/advisories/25284
http://securitytracker.com/id?1018057
http://www.vupen.com/english/advisories/2007/1815
https://exchange.xforce.ibmcloud.com/vulnerabilities/34284