CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
65.3%
Session fixation vulnerability in BEA WebLogic Server and Express 8.1 SP4 through SP6, 9.2 through MP1, and 10.0 allows remote authenticated users to hijack web sessions via unknown vectors.
Vendor | Product | Version | CPE |
---|---|---|---|
bea | weblogic_server | 8.1 | cpe:2.3:a:bea:weblogic_server:8.1:sp4:*:*:*:*:*:* |
bea | weblogic_server | 8.1 | cpe:2.3:a:bea:weblogic_server:8.1:sp4:express:*:*:*:*:* |
bea | weblogic_server | 8.1 | cpe:2.3:a:bea:weblogic_server:8.1:sp5:*:*:*:*:*:* |
bea | weblogic_server | 8.1 | cpe:2.3:a:bea:weblogic_server:8.1:sp5:express:*:*:*:*:* |
bea | weblogic_server | 8.1 | cpe:2.3:a:bea:weblogic_server:8.1:sp6:*:*:*:*:*:* |
bea | weblogic_server | 8.1 | cpe:2.3:a:bea:weblogic_server:8.1:sp6:express:*:*:*:*:* |
bea | weblogic_server | 9.2 | cpe:2.3:a:bea:weblogic_server:9.2:*:*:*:*:*:*:* |
bea | weblogic_server | 9.2 | cpe:2.3:a:bea:weblogic_server:9.2:mp1:*:*:*:*:*:* |
bea | weblogic_server | 10.0 | cpe:2.3:a:bea:weblogic_server:10.0:*:*:*:*:*:*:* |
bea_systems | weblogic_express | 9.2 | cpe:2.3:a:bea_systems:weblogic_express:9.2:mp1:*:*:*:*:*:* |