Vulnerability Name: | CVE-2006-0421 (CCN-24286)
Assigned: | 2006-01-23
Published: | 2006-01-23
Updated: | 2017-07-20
Summary: | By design, BEA WebLogic Server and WebLogic Express 7.0 and 6.1, when creating multiple domains from the same WebLogic instance on the same machine, allow administrators of any created domain to access other created domains, which could allow administrators to gain privileges that were not intended.
CVSS v3 Severity: | 4.8 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L)
CVSS v2 Severity: | 4.6 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
Vulnerability Type: | CWE-Other
Vulnerability Consequences: | Bypass Security
References: |
Source: MITRE Type: CNA CVE-2006-0421
Source: BEA Type: Patch, Vendor Advisory BEA06-108.00
Source: CCN Type: SA18581 BEA WebLogic Server/Express Multiple Domains Administrator Access
Source: SECUNIA Type: Patch, Vendor Advisory 18581
Source: CCN Type: SECTRACK ID: 1015528 BEA WebLogic Multiple Bugs Let Remote Users Deny Service, Obtain Information, and Access Restricted Resources
Source: SECTRACK Type: Patch 1015528
Source: CCN Type: OSVDB ID: 22778 BEA WebLogic Cross Domain Administrator Access
Source: BID Type: UNKNOWN 16358
Source: CCN Type: BID-16358 BEA WebLogic Multiple Vulnerabilities
Source: VUPEN Type: UNKNOWN ADV-2006-0313
Source: XF Type: UNKNOWN weblogic-cross-domain-management(24286)
Source: CCN Type: BEA Systems, Inc. Security Advisory: (BEA06-108.00) Documentation is available describing securing multiple-domains managed from one instance of the WebLogic Server Administration Console.
Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable