Unrated severityNVD Advisory· Published Jan 23, 2007· Updated Jun 16, 2026
CVE-2007-0416
CVE-2007-0416
Description
The WSEE runtime (WS-Security runtime) in BEA WebLogic Server 9.0 and 9.1 does not verify credentials when decrypting client messages, which allows remote attackers to bypass application security.
Affected products
3cpe:2.3:a:bea:weblogic_server:9.0:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:bea:weblogic_server:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:9.1:*:*:*:*:*:*:*
- (no CPE)range: 9.0, 9.1
Patches
Vulnerability mechanics
References
6News mentions
0No linked articles in our index yet.