VYPR
Unrated severityNVD Advisory· Published Jan 23, 2007· Updated Jun 16, 2026

CVE-2007-0416

CVE-2007-0416

Description

The WSEE runtime (WS-Security runtime) in BEA WebLogic Server 9.0 and 9.1 does not verify credentials when decrypting client messages, which allows remote attackers to bypass application security.

Affected products

3
  • cpe:2.3:a:bea:weblogic_server:9.0:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:bea:weblogic_server:9.0:*:*:*:*:*:*:*
    • cpe:2.3:a:bea:weblogic_server:9.1:*:*:*:*:*:*:*
    • (no CPE)range: 9.0, 9.1

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.