CVE-2007-0417

BEA WebLogic Server 7.0 through 7.0 SP7, 8.1 through 8.1 SP5, 9.0, and 9.1, when using the WebLogic Server 6.1 compatibility realm, allows attackers to execute certain EJB container persistence operations with an administrative identity.

Published: Jan 23, 2007
Updated: Apr 13, 2023
CVE: CVE-2007-0417
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 10
AV:N/AC:L/Au:N/C:C/I:C/A:C

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
bea / weblogic_server	8.1	8.1.x
bea / weblogic_server	9.0	9.0.x
bea / weblogic_server	7.0	7.0.x
bea / weblogic_server	8.1-sp5	8.1-sp5.x
bea / weblogic_server	9.1	9.1.x
bea / weblogic_server	-	7.0.x

http://dev2dev.bea.com/pub/advisory/211
http://osvdb.org/38511
http://secunia.com/advisories/23750
http://securitytracker.com/id?1017525
http://www.securityfocus.com/bid/22082
http://www.vupen.com/english/advisories/2007/0213

Vulnerability Database

289,599

CVE-2007-0417