What is the severity of CVE-2005-4752?

CVE-2005-4752 is considered a critical vulnerability as it allows local users to escalate their privileges.

How do I fix CVE-2005-4752?

To fix CVE-2005-4752, upgrade to a patched version of WebLogic Server or WebLogic Express beyond 8.1 SP4 or 7.0 SP6.

Who is affected by CVE-2005-4752?

CVE-2005-4752 affects users running BEA WebLogic Server or WebLogic Express version 8.1 SP4 and earlier, and 7.0 SP6 and earlier.

What impact does CVE-2005-4752 have?

CVE-2005-4752 can allow local users to gain unauthorized access to sensitive applications by changing security roles.

Is CVE-2005-4752 exploitable by remote attackers?

CVE-2005-4752 is not directly exploitable by remote attackers as it requires local access to the system.

Vulnerability/
CVE-2005-4752

medium

4.6

CWE

NVD-CWE-Other

31/12/2005

1/4/2006

16/9/2024

CVE-2005-4752

First published: Sat Dec 31 2005(Updated: )

BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 SP6 and earlier, might allow local users to gain privileges by using the run-as deployment descriptor element to change the privileges of a web application or EJB from the Deployer security role to the Admin security role.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Oracle WebLogic Server	=8.1
Oracle WebLogic Server	=7.0-sp2
Oracle WebLogic Server	=8.1
Oracle WebLogic Server	=7.0-sp4
Oracle WebLogic Server	=7.0
Oracle WebLogic Server	=7.0-sp6
Oracle WebLogic Server	=7.0-sp3
Oracle WebLogic Server	=8.1-sp3
Oracle WebLogic Server	=7.0-sp2
Oracle WebLogic Server	=7.0-sp3
Oracle WebLogic Server	=8.1-sp4
Oracle WebLogic Server	=7.0-sp5
Oracle WebLogic Server	=7.0-sp5
Oracle WebLogic Server	=8.1-sp1
Oracle WebLogic Server	=8.1-sp3
Oracle WebLogic Server	=8.1-sp2
Oracle WebLogic Server	=7.0-sp1
Oracle WebLogic Server	=8.1-sp1
Oracle WebLogic Server	=7.0-sp1
Oracle WebLogic Server	=8.1-sp4
Oracle WebLogic Server	=8.1-sp2
Oracle WebLogic Server	=7.0
Oracle WebLogic Server	=7.0-sp6
Oracle WebLogic Server	=7.0-sp4

Remedy

http://dev2dev.bea.com/pub/advisory/142

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2005-4752?
CVE-2005-4752 is considered a critical vulnerability as it allows local users to escalate their privileges.
How do I fix CVE-2005-4752?
To fix CVE-2005-4752, upgrade to a patched version of WebLogic Server or WebLogic Express beyond 8.1 SP4 or 7.0 SP6.
Who is affected by CVE-2005-4752?
CVE-2005-4752 affects users running BEA WebLogic Server or WebLogic Express version 8.1 SP4 and earlier, and 7.0 SP6 and earlier.
What impact does CVE-2005-4752 have?
CVE-2005-4752 can allow local users to gain unauthorized access to sensitive applications by changing security roles.
Is CVE-2005-4752 exploitable by remote attackers?
CVE-2005-4752 is not directly exploitable by remote attackers as it requires local access to the system.

agent/type
agent/first-publish-date
agent/softwarecombine
agent/severity
agent/weakness
agent/references
agent/author
agent/remedy
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/event
agent/source
agent/tags
collector/nvd-historical
agent/software-canonical-lookup-request
collector/nvd-index
vendor/bea
canonical/oracle weblogic server
version/oracle weblogic server/8.1
version/oracle weblogic server/7.0-sp2
version/oracle weblogic server/7.0-sp4
version/oracle weblogic server/7.0
version/oracle weblogic server/7.0-sp6
version/oracle weblogic server/7.0-sp3
version/oracle weblogic server/8.1-sp3
version/oracle weblogic server/8.1-sp4
version/oracle weblogic server/7.0-sp5
version/oracle weblogic server/8.1-sp1
version/oracle weblogic server/8.1-sp2
version/oracle weblogic server/7.0-sp1