CVE-2004-2696

critical

Description

BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, when using Remote Method Invocation (RMI) over Internet Inter-ORB Protocol (IIOP), does not properly handle when multiple logins for different users coming from the same client, which could cause an "unexpected user identity" to be used in an RMI call.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/16421

http://www.securityfocus.com/bid/10545

http://www.osvdb.org/7081

http://securitytracker.com/id?1010493

http://secunia.com/advisories/11865

http://dev2dev.bea.com/pub/advisory/59

Details

Source: Mitre, NVD

Published: 2004-12-31

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.00545