Unrated severityNVD Advisory· Published Jan 25, 2006· Updated Jun 16, 2026

CVE-2006-0421

Description

By design, BEA WebLogic Server and WebLogic Express 7.0 and 6.1, when creating multiple domains from the same WebLogic instance on the same machine, allows administrators of any created domain to access other created domains, which could allow administrators to gain privileges that were not intended.

Affected products

Bea/WebLogic Server5 versions
cpe:2.3:a:bea:weblogic_server:6.1:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:bea:weblogic_server:6.1:*:*:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:6.1:*:express:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:7.0:*:express:*:*:*:*:*
- (no CPE)range: 7.0, 6.1
Bea/WebLogic Expressllm-fuzzy
Range: 7.0, 6.1

Patches

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

dev2dev.bea.com/pub/advisory/165nvdPatchVendor Advisory
secunia.com/advisories/18581nvdPatchVendor Advisory
securitytracker.com/idnvdPatch
www.securityfocus.com/bid/16358nvd
www.vupen.com/english/advisories/2006/0313nvd
exchange.xforce.ibmcloud.com/vulnerabilities/24286nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000