BEA WebLogic Server and WebLogic Express 8.1 SP4 and previous versions, and 7.0 SP6 and previous versions, might allow local users to gain privileges by using the run-as deployment descriptor element to change the privileges of a web application or EJB from the Deployer security role to the Admin security role.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
bea weblogic server 7.0 |
||
bea weblogic server 8.1 |