{"api_version":"1","generated_at":"2026-04-23T06:59:40+00:00","cve":"CVE-2001-1477","urls":{"html":"https://cve.report/CVE-2001-1477","api":"https://cve.report/api/cve/CVE-2001-1477.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2001-1477","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2001-1477"},"summary":{"title":"CVE-2001-1477","description":"The Domain gateway in BEA Tuxedo 7.1 does not perform authorization checks for imported services and qspaces on remote domains, even when an ACL exists, which allows users to access services in a remote domain.","state":"PUBLISHED","assigner":"mitre","published_at":"2001-12-31 05:00:00","updated_at":"2025-04-03 01:03:51"},"problem_types":["NVD-CWE-Other","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"4.6","severity":"","vector":"AV:L/AC:L/Au:N/C:P/I:P/A:P","data":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:P/A:P","baseScore":4.6,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"}}],"references":[{"url":"http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA00-08.jsp","name":"http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA00-08.jsp","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"],"title":"Oracle Fusion Middleware Technologies","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/6326","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/6326","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2001-1477","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2001-1477","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2001","cve_id":"1477","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bea","cpe5":"tuxedo","cpe6":"7.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-08T04:58:11.588Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA00-08.jsp"},{"name":"bea-tuxedo-remote-access(6326)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/6326"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2001-03-19T00:00:00.000Z","descriptions":[{"lang":"en","value":"The Domain gateway in BEA Tuxedo 7.1 does not perform authorization checks for imported services and qspaces on remote domains, even when an ACL exists, which allows users to access services in a remote domain."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2017-07-10T14:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"tags":["x_refsource_CONFIRM"],"url":"http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA00-08.jsp"},{"name":"bea-tuxedo-remote-access(6326)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/6326"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2001-1477","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"The Domain gateway in BEA Tuxedo 7.1 does not perform authorization checks for imported services and qspaces on remote domains, even when an ACL exists, which allows users to access services in a remote domain."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA00-08.jsp","refsource":"CONFIRM","url":"http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA00-08.jsp"},{"name":"bea-tuxedo-remote-access(6326)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/6326"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2001-1477","datePublished":"2005-05-10T04:00:00.000Z","dateReserved":"2005-05-04T00:00:00.000Z","dateUpdated":"2024-08-08T04:58:11.588Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2001-12-31 05:00:00","lastModifiedDate":"2025-04-03 01:03:51","problem_types":["NVD-CWE-Other","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:P/A:P","baseScore":4.6,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":true,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:bea:tuxedo:7.1:*:*:*:*:*:*:*","matchCriteriaId":"EC74F617-4CA9-4B0C-87C7-C49A73934CEE"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2001","CveId":"1477","Ordinal":"1","Title":"CVE-2001-1477","CVE":"CVE-2001-1477","Year":"2001"},"notes":[{"CveYear":"2001","CveId":"1477","Ordinal":"1","NoteData":"The Domain gateway in BEA Tuxedo 7.1 does not perform authorization checks for imported services and qspaces on remote domains, even when an ACL exists, which allows users to access services in a remote domain.","Type":"Description","Title":"CVE-2001-1477"},{"CveYear":"2001","CveId":"1477","Ordinal":"2","NoteData":"2005-05-10","Type":"Other","Title":"Published"},{"CveYear":"2001","CveId":"1477","Ordinal":"3","NoteData":"2017-07-10","Type":"Other","Title":"Modified"}]}}}