Unrated severityNVD Advisory· Published Dec 31, 2002· Updated Jun 16, 2026
CVE-2002-2141
CVE-2002-2141
Description
BEA WebLogic Server and Express 7.0 and 7.0.0.1, when running Servlets and Enterprise JavaBeans (EJB) on more than one server, will remove the security constraints and roles on all servers for any Servlets or EJB that are used by an application that is undeployed on one server, which could allow remote attackers to conduct unauthorized activities in violation of the intended restrictions.
Affected products
5cpe:2.3:a:bea:weblogic_server:7.0:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:bea:weblogic_server:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:7.0.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:7.0.0.1:*:express:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:7.0:*:express:*:*:*:*:*
- Range: <=7.0.0.1
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.