VYPR
Unrated severityNVD Advisory· Published Jul 7, 2004· Updated Jun 16, 2026

CVE-2004-0470

CVE-2004-0470

Description

BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1 through SP2, when editing weblogic.xml using WebLogic Builder or the SecurityRoleAssignmentMBean.toXML method, inadvertently removes security-role-assignment tags when weblogic.xml does not have a principal-name tag, which can remove intended access restrictions for the associated web application.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

6
  • cpe:2.3:a:bea:weblogic_server:7.0:*:*:*:*:*:*:*+ 4 more
    • cpe:2.3:a:bea:weblogic_server:7.0:*:*:*:*:*:*:*
    • cpe:2.3:a:bea:weblogic_server:7.0:*:express:*:*:*:*:*
    • cpe:2.3:a:bea:weblogic_server:8.1:*:*:*:*:*:*:*
    • cpe:2.3:a:bea:weblogic_server:8.1:*:express:*:*:*:*:*
    • (no CPE)range: 7.0 through SP5, 8.1 through SP2
  • Range: 7.0 through SP5, 8.1 through SP2

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.