CVE-2004-0470

{"id": "CVE-2004-0470", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2004-07-07T04:00:00.000", "references": [{"url": "http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_59.00.jsp", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/11593", "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1010128", "source": "cve@mitre.org"}, {"url": "http://www.kb.cert.org/vuls/id/950070", "tags": ["Third Party Advisory", "US Government Resource"], "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/6076", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/10328", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16123", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1 through SP2, when editing weblogic.xml using WebLogic Builder or the SecurityRoleAssignmentMBean.toXML method, inadvertently removes security-role-assignment tags when weblogic.xml does not have a principal-name tag, which can remove intended access restrictions for the associated web application."}, {"lang": "es", "value": "BEA WebLogic Server y WebLocic Express 7.0 hasta SP5 y 8.1 hasta SP2, cuando se edita weblogic.xml usando WebLocic Builder o el m\u00e9todo SecurityRoleAssignmentMBean.toXML, quita de manera inadvertida etiquetas de asignaci\u00f3n de papel de seguridad cuando weblogic.xml no tiene una etiqueta de nombre principal, lo que puede eliminar las restricciones de acceso pretendidas para la aplicaci\u00f3n web asociada."}], "lastModified": "2017-07-11T01:30:11.150", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:bea:weblogic_server:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F9C5AFCF-79D8-4005-B800-B0C6BD461276"}, {"criteria": "cpe:2.3:a:bea:weblogic_server:7.0:*:express:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FBDF3AC0-0680-4EEE-898C-47D194667BE2"}, {"criteria": "cpe:2.3:a:bea:weblogic_server:8.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E08D4CEA-9ACC-4869-BC87-3524A059914F"}, {"criteria": "cpe:2.3:a:bea:weblogic_server:8.1:*:express:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ADED8968-EA9C-4F0E-AD2F-BC834F4D8A58"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}