CVE-2004-2696

BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, when using Remote Method Invocation (RMI) over Internet Inter-ORB Protocol (IIOP), does not properly handle when multiple logins for different users coming from the same client, which could cause an "unexpected user identity" to be used in an RMI call.

Published: Dec 31, 2004
Updated: Apr 13, 2023
CVE: CVE-2004-2696
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5.5
AV:N/AC:L/Au:S/C:P/I:P/A:N

CWEs:

CWE-255

Affected Software
References

Software	From	Fixed in
bea / weblogic_server	8.1	8.1.x
bea / weblogic_server	7.0-sp2	7.0-sp2.x
bea / weblogic_server	7.0.0.1-sp4	7.0.0.1-sp4.x
bea / weblogic_server	6.1-sp4	6.1-sp4.x
bea / weblogic_server	6.1	6.1.x
bea / weblogic_server	6.1-sp5	6.1-sp5.x
bea / weblogic_server	6.1-sp6	6.1-sp6.x
bea / weblogic_server	7.0-sp4	7.0-sp4.x
bea / weblogic_server	6.1-sp1	6.1-sp1.x
bea / weblogic_server	7.0	7.0.x
bea / weblogic_server	7.0.0.1-sp1	7.0.0.1-sp1.x
bea / weblogic_server	6.1-sp3	6.1-sp3.x
bea / weblogic_server	7.0-sp3	7.0-sp3.x
bea / weblogic_server	8.1-sp1	8.1-sp1.x
bea / weblogic_server	6.1-sp2	6.1-sp2.x
bea / weblogic_server	7.0.0.1	7.0.0.1.x
bea / weblogic_server	7.0-sp5	7.0-sp5.x
bea / weblogic_server	8.1-sp2	8.1-sp2.x
bea / weblogic_server	7.0.0.1-sp3	7.0.0.1-sp3.x
bea / weblogic_server	7.0-sp1	7.0-sp1.x
bea / weblogic_server	7.0.0.1-sp2	7.0.0.1-sp2.x

Vulnerability Database

289,689

CVE-2004-2696