Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

CVE-2004-0713

Published

19 years ago

Last Modified

6 years ago

CVSSv2.0 Severity

Medium

Impact Analysis

The remove method in a stateful Enterprise JavaBean (EJB) in BEA WebLogic Server and WebLogic Express version 8.1 through SP2, 7.0 through SP4, and 6.1 through SP6, does not properly check EJB permissions before unexporting a bean, which allows remote authenticated users to remove EJB objects from remote views before the security exception is thrown..

CVSSv2.0 Score

Severity: Medium
Base Score: 6.4/10
Exploit Score: 10/10
Access Vector: Network
Access Complexity: Low
Authentication Required: None
Impact Score: 4.9/10
Confidentiality Impact: None
Availability Impact: Partial
Integrity Impact: Partial

Products Affected

CPE	Affected	Vulnerable	Excluding
cpe:2.3:a:bea:weblogic_server:8.1::express:::::	Yes	-	-
cpe:2.3:a:bea:weblogic_server:7.0:sp2:express:::::*	Yes	-	-
cpe:2.3:a:bea:weblogic_server:6.1:sp4::::::	Yes	-	-
cpe:2.3:a:bea:weblogic_server:6.1::express:::::	Yes	-	-
cpe:2.3:a:bea:weblogic_server:8.1:::::::*	Yes	-	-
cpe:2.3:a:bea:weblogic_server:6.1:sp5::::::	Yes	-	-
cpe:2.3:a:bea:weblogic_server:6.1:sp6::::::	Yes	-	-
cpe:2.3:a:bea:weblogic_server:7.0:sp4::::::	Yes	-	-
cpe:2.3:a:bea:weblogic_server:6.1:sp1:express:::::*	Yes	-	-
cpe:2.3:a:bea:weblogic_server:7.0:::::::*	Yes	-	-
cpe:2.3:a:bea:weblogic_server:6.1:sp4:express:::::*	Yes	-	-
cpe:2.3:a:bea:weblogic_server:6.1:sp4:win32:::::*	Yes	-	-
cpe:2.3:a:bea:weblogic_server:6.1:sp6:win32:::::*	Yes	-	-
cpe:2.3:a:bea:weblogic_server:6.1:sp3::::::	Yes	-	-
cpe:2.3:a:bea:weblogic_server:7.0:sp3::::::	Yes	-	-
cpe:2.3:a:bea:weblogic_server:8.1:sp1:win32:::::*	Yes	-	-
cpe:2.3:a:bea:weblogic_server:6.1:sp2:win32:::::*	Yes	-	-
cpe:2.3:a:bea:weblogic_server:7.0:sp2::::::	Yes	-	-
cpe:2.3:a:bea:weblogic_server:6.1:sp1:win32:::::*	Yes	-	-
cpe:2.3:a:bea:weblogic_server:7.0:sp3:express:::::*	Yes	-	-
cpe:2.3:a:bea:weblogic_server:8.1::win32:::::	Yes	-	-
cpe:2.3:a:bea:weblogic_server:6.1:sp1::::::	Yes	-	-
cpe:2.3:a:bea:weblogic_server:6.1::win32:::::	Yes	-	-
cpe:2.3:a:bea:weblogic_server:8.1:sp1:express:::::*	Yes	-	-
cpe:2.3:a:bea:weblogic_server:7.0:sp2:win32:::::*	Yes	-	-
cpe:2.3:a:bea:weblogic_server:8.1:sp2::::::	Yes	-	-
cpe:2.3:a:bea:weblogic_server:6.1:::::::*	Yes	-	-
cpe:2.3:a:bea:weblogic_server:6.1:sp2:express:::::*	Yes	-	-
cpe:2.3:a:bea:weblogic_server:7.0:sp3:win32:::::*	Yes	-	-
cpe:2.3:a:bea:weblogic_server:7.0:sp1::::::	Yes	-	-
cpe:2.3:a:bea:weblogic_server:6.1:sp5:express:::::*	Yes	-	-
cpe:2.3:a:bea:weblogic_server:7.0:sp1:win32:::::*	Yes	-	-
cpe:2.3:a:bea:weblogic_server:7.0:sp4:win32:::::*	Yes	-	-
cpe:2.3:a:bea:weblogic_server:8.1:sp1::::::	Yes	-	-
cpe:2.3:a:bea:weblogic_server:6.1:sp3:express:::::*	Yes	-	-
cpe:2.3:a:bea:weblogic_server:6.1:sp5:win32:::::*	Yes	-	-
cpe:2.3:a:bea:weblogic_server:7.0:sp1:express:::::*	Yes	-	-
cpe:2.3:a:bea:weblogic_server:8.1:sp2:win32:::::*	Yes	-	-
cpe:2.3:a:bea:weblogic_server:6.1:sp2::::::	Yes	-	-
cpe:2.3:a:bea:weblogic_server:7.0::win32:::::	Yes	-	-
cpe:2.3:a:bea:weblogic_server:8.1:sp2:express:::::*	Yes	-	-
cpe:2.3:a:bea:weblogic_server:7.0::express:::::	Yes	-	-
cpe:2.3:a:bea:weblogic_server:6.1:sp3:win32:::::*	Yes	-	-
cpe:2.3:a:bea:weblogic_server:7.0:sp4:express:::::*	Yes	-	-

Free and open-source vulnerability scanner

Available for macOS, Windows, and Linux

CVE-2004-0713

Published

Last Modified

CVSSv2.0 Severity

Impact Analysis

Share

CVSSv2.0 Score

Products Affected

References

Free and open-source vulnerability scanner

Available for macOS, Windows, and Linux

CVE-2004-0713

CVE information

Published

Last Modified

CVSSv2.0 Severity

Impact Analysis

Share

Description

CVSSv2.0 Score

Products Affected

References