Vulnerability Database

289,599

Total vulnerabilities in the database

CVE-2008-0898

The distributed queue feature in JMS in BEA WebLogic Server 9.0 through 10.0, in certain configurations, does not properly handle when a client cannot send a message to a member of a distributed queue, which allows remote authenticated users to bypass intended access restrictions for protected distributed queues.

  • Published: Feb 22, 2008
  • Updated: Apr 13, 2023
  • CVE: CVE-2008-0898
  • Severity: Medium
  • Exploit:

CVSS v2:

  • Severity: Medium
  • Score: 5.8
  • AV:N/AC:M/Au:N/C:P/I:P/A:N

CWEs:

Software From Fixed in
bea / weblogic_server 9.2-mp2 9.2-mp2.x
bea / weblogic_server 9.0 9.0.x
bea / weblogic_server 9.2 9.2.x
bea / weblogic_server 9.0-sp3 9.0-sp3.x
bea / weblogic_server 9.0-sp1 9.0-sp1.x
bea / weblogic_server 9.0-ga 9.0-ga.x
bea / weblogic_server 9.0-sp5 9.0-sp5.x
bea / weblogic_server 9.0-sp2 9.0-sp2.x
bea / weblogic_server 9.1 9.1.x
bea / weblogic_server 10.0 10.0.x
bea / weblogic_server 9.2-mp1 9.2-mp1.x
bea / weblogic_server 9.0-sp4 9.0-sp4.x
bea / weblogic_server 9.1-ga 9.1-ga.x