VYPR
Unrated severityNVD Advisory· Published Dec 31, 2002· Updated Jun 16, 2026

CVE-2002-2141

CVE-2002-2141

Description

BEA WebLogic Server and Express 7.0 and 7.0.0.1, when running Servlets and Enterprise JavaBeans (EJB) on more than one server, will remove the security constraints and roles on all servers for any Servlets or EJB that are used by an application that is undeployed on one server, which could allow remote attackers to conduct unauthorized activities in violation of the intended restrictions.

Affected products

5
  • cpe:2.3:a:bea:weblogic_server:7.0:*:*:*:*:*:*:*+ 3 more
    • cpe:2.3:a:bea:weblogic_server:7.0:*:*:*:*:*:*:*
    • cpe:2.3:a:bea:weblogic_server:7.0.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:bea:weblogic_server:7.0.0.1:*:express:*:*:*:*:*
    • cpe:2.3:a:bea:weblogic_server:7.0:*:express:*:*:*:*:*
  • Range: <=7.0.0.1

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.