Vulnerability Database

289,599

Total vulnerabilities in the database

CVE-2007-2701

The JMS Message Bridge in BEA WebLogic Server 7.0 through SP7 and 8.1 through Service Pack 6, when configured without a username and password, or when the connection URL is not defined, allows remote attackers to bypass the security access policy and "send unauthorized messages to a protected queue."

  • Published: May 16, 2007
  • Updated: Apr 13, 2023
  • CVE: CVE-2007-2701
  • Severity: Low
  • Exploit:

CVSS v2:

  • Severity: Low
  • Score: 4.6
  • AV:N/AC:H/Au:S/C:P/I:P/A:P

No CWE or OWASP classifications available.

Software From Fixed in
bea / weblogic_server 7.0-sp7 7.0-sp7.x
bea / weblogic_server 8.1 8.1.x
bea / weblogic_server 7.0-sp4 7.0-sp4.x
bea / weblogic_server 7.0 7.0.x
bea / weblogic_server 7.0-sp6 7.0-sp6.x
bea / weblogic_server 7.0-sp3 7.0-sp3.x
bea / weblogic_server 8.1-sp5 8.1-sp5.x
bea / weblogic_server 8.1-sp3 8.1-sp3.x
bea / weblogic_server 7.0-sp2 7.0-sp2.x
bea / weblogic_server 7.0-sp5 7.0-sp5.x
bea / weblogic_server 8.1-sp2 8.1-sp2.x
bea / weblogic_server 7.0-sp1 7.0-sp1.x
bea / weblogic_server 8.1-sp1 8.1-sp1.x
bea / weblogic_server 8.1-sp4 8.1-sp4.x