VYPR
Unrated severityNVD Advisory· Published Jan 23, 2007· Updated Jun 16, 2026

CVE-2007-0418

CVE-2007-0418

Description

BEA WebLogic Server 7.0 through 7.0 SP6, 8.1 through 8.1 SP5, 9.0, and 9.1 does not enforce a security policy that declares permissions for EJB methods that have array parameters, which allows remote attackers to obtain unauthorized access to these methods.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

7
  • cpe:2.3:a:bea:weblogic_server:7.0:*:*:*:*:*:*:*+ 5 more
    • cpe:2.3:a:bea:weblogic_server:7.0:*:*:*:*:*:*:*
    • cpe:2.3:a:bea:weblogic_server:8.1:*:*:*:*:*:*:*
    • cpe:2.3:a:bea:weblogic_server:9.0:*:*:*:*:*:*:*
    • cpe:2.3:a:bea:weblogic_server:9.1:*:*:*:*:*:*:*
    • cpe:2.3:a:bea:weblogic_server:*:sp5:*:*:*:*:*:*range: <=8.1
    • cpe:2.3:a:bea:weblogic_server:*:sp6:*:*:*:*:*:*range: <=7.0
  • Range: >=7.0, <=7.0 SP6; >=8.1, <=8.1 SP5; 9.0; 9.1

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.