Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The WebLogic Authentication provider for BEA WebLogic Server and WebLogic Express 8.1 through SP2 and 7.0 through SP4 does not properly clear member relationships when a group is deleted, which can cause a new group with the same name to have the members of the old group, which allows group members to gain privileges.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
BEA WebLogic验证提供方权限继承漏洞
Vulnerability Description
BEA Systems WebLogic包含多种应用系统集成方案,包括Server/Express/Integration等。 BEA WebLogic Server包含的验证提供方(Authentication Provider)存在安全问题,本地攻击者可以利用这个漏洞未授权进行管理访问。 问题存在于安全域中使用WebLogic验证提供方作为默认验证提供者的配置情况下,当下面的事件发生时会存在此问题: 1、系统管理员建立一组(如Group1)。 2、系统管理员然后建立Group2组。 3、系统管理员使G
CVSS Information
N/A
Vulnerability Type
N/A