HIGH✓ PATCH🇵🇱 Wersja polska

CVE-2008-0897

CVSS 7.9v2.0pub. 2008-02-22upd. 2026-04-23

Unspecified vulnerability in BEA WebLogic Server 9.0 through 10.0 allows remote authenticated users without "receive" permissions to bypass intended access restrictions and receive messages from a standalone JMS Topic or secured Distributed Topic member destination, related to durable subscriptions.

CVSS Vector
AV:N/AC:M/Au:S/C:C/I:C/A:N
  • Bea Weblogic Server

    APP
    Bea
    10.09.09.19.2
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References

Related vulnerabilities

CVE-2005-1744CRITICAL9.8ten sam produkt

BEA WebLogic Server and WebLogic Express 7.0 through Service Pack 5 does not log out users when an application...

CVE-2008-3257HIGH10.0ten sam produkt

Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic ...

CVE-2008-0901HIGH7.1ten sam produkt

BEA WebLogic Server and Express 7.0 through 10.0 allows remote attackers to conduct brute force password guess...

CVE-2007-4617HIGH7.8ten sam produkt

Unspecified vulnerability in BEA WebLogic Server 6.1 Gold through SP7, 7.0 Gold through SP7, and 8.1 Gold thro...

CVE-2007-4614HIGH7.5ten sam produkt

BEA WebLogic Server 9.1 does not properly handle propagation of an admin server's security policy change log t...