CVE-2007-6384
Severity Score
9.1
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Unspecified vulnerability in the Image Converter functionality in BEA WebLogic Mobility Server 3.3, 3.5, and 3.6 through 3.6 SP1 allows remote attackers to obtain application file and resource access via unspecified vectors.
Vulnerabilidad no especificada en la funcionalidad Image Converter de BEA WebLogic Mobility Server 3.3, 3.5, y 3.6 hasta la 3.6 SP1. Permite que atacantes remotos obtengan el fichero de solicitud y acceso a recursos, a través de vectores sin especificar.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2007-12-14 CVE Reserved
- 2007-12-15 CVE Published
- 2024-08-07 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-287: Improper Authentication
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| http://osvdb.org/41880 | Vdb Entry | |
| http://www.vupen.com/english/advisories/2007/4204 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/39005 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/28078 | 2017-08-08 | |
| http://www.securitytracker.com/id?1019091 | 2017-08-08 |
| URL | Date | SRC |
|---|---|---|
| http://dev2dev.bea.com/pub/advisory/255 | 2017-08-08 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Bea Search vendor "Bea" | Weblogic Mobility Server Search vendor "Bea" for product "Weblogic Mobility Server" | 3.3 Search vendor "Bea" for product "Weblogic Mobility Server" and version "3.3" | - |
Affected
| ||||||
| Bea Search vendor "Bea" | Weblogic Mobility Server Search vendor "Bea" for product "Weblogic Mobility Server" | 3.5 Search vendor "Bea" for product "Weblogic Mobility Server" and version "3.5" | - |
Affected
| ||||||
| Bea Search vendor "Bea" | Weblogic Mobility Server Search vendor "Bea" for product "Weblogic Mobility Server" | 3.6 Search vendor "Bea" for product "Weblogic Mobility Server" and version "3.6" | - |
Affected
| ||||||
| Bea Search vendor "Bea" | Weblogic Mobility Server Search vendor "Bea" for product "Weblogic Mobility Server" | 3.6 Search vendor "Bea" for product "Weblogic Mobility Server" and version "3.6" | sp1 |
Affected
| ||||||