Vulnerability Details : CVE-2004-1755
The Web Services fat client for BEA WebLogic Server and Express 7.0 SP4 and earlier, when using 2-way SSL and multiple certificates to connect to the same URL, may use the incorrect identity after the first connection, which could allow users to gain privileges.
Exploit prediction scoring system (EPSS) score for CVE-2004-1755
Probability of exploitation activity in the next 30 days: 0.32%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 70 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2004-1755
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
References for CVE-2004-1755
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/15826
-
http://www.kb.cert.org/vuls/id/858990
Third Party Advisory;US Government Resource
-
http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_47.00.jsp
Patch
-
http://www.securityfocus.com/bid/9502
Patch