CVE-2006-0421

high

Description

By design, BEA WebLogic Server and WebLogic Express 7.0 and 6.1, when creating multiple domains from the same WebLogic instance on the same machine, allows administrators of any created domain to access other created domains, which could allow administrators to gain privileges that were not intended.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/24286

http://www.vupen.com/english/advisories/2006/0313

http://www.securityfocus.com/bid/16358

http://securitytracker.com/id?1015528

http://secunia.com/advisories/18581

http://dev2dev.bea.com/pub/advisory/165

Details

Source: Mitre, NVD

Published: 2006-01-25

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 4.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 7.2

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00104