CVE-2006-0432

critical

Description

Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 9.0, when an Administrator uses the WebLogic Administration Console to add custom security policies, causes incorrect policies to be created, which prevents the server from properly protecting JNDI resources.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/24299

http://www.vupen.com/english/advisories/2006/0313

http://www.securityfocus.com/bid/16358

http://securitytracker.com/id?1015528

http://secunia.com/advisories/18592

http://dev2dev.bea.com/pub/advisory/176

Details

Source: Mitre, NVD

Published: 2006-01-25

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 2.1

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N

Severity: Low

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.00105