CVE-2008-0897

High CVSS 7.9

Overview

Unspecified vulnerability in BEA WebLogic Server 9.0 through 10.0 allows remote authenticated users without "receive" permissions to bypass intended access restrictions and receive messages from a standalone JMS Topic or secured Distributed Topic member destination, related to durable subscriptions.

CWE: CWE-264 Published: 2008-02-22T21:44:00.000

Risk analysis

This vulnerability is rated 🟠 HIGH.

CVSS: 7.9 (HIGH)
Detected tags: none (tag impact: LOW)

Recommended actions:

Prioritize remediation based on business criticality and exposure.
Limit exposure and increase monitoring until fixed.

Overview

Recommended tools

Tags