CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2007-0432
https://notcve.org/view.php?id=CVE-2007-0432
23 Jan 2007 — BEA AquaLogic Service Bus 2.0, 2.1, and 2.5 does not properly reject malformed request messages to a proxy service, which might allow remote attackers to bypass authorization policies and route requests to back-end services or conduct other unauthorized activities. BEA AquaLogic Service Bus 2.0, 2.1, y 2.5 no rechaza adecuadamente mensajes de petición mal formados a un servicio proxy, lo cual podría permitir a atacantes remotos evitar políticas de autorización y encaminar peticiones a servicios secundarios ... • http://dev2dev.bea.com/pub/advisory/224 •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2007-0433
https://notcve.org/view.php?id=CVE-2007-0433
23 Jan 2007 — Unspecified vulnerability in BEA AquaLogic Enterprise Security 2.0 through 2.0 SP2, 2.1 through 2.1 SP1, and 2.2, when using Active Directory LDAP for authentication, allows remote authenticated users to access the server even after the account has been disabled. Vulnerabilidad no especificada en BEA AquaLogic Enterprise Security 2.0 hasta 2.0 SP2, 2.1 hasta 2.1 SP1, y 2.2, cuando se usa LDAP del Directorio Activo para la autenticación, permite a usuarios autenticados remotamente acceder al servidor incluso... • http://dev2dev.bea.com/pub/advisory/221 •