{"api_version":"1","generated_at":"2026-04-23T06:58:50+00:00","cve":"CVE-2007-0433","urls":{"html":"https://cve.report/CVE-2007-0433","api":"https://cve.report/api/cve/CVE-2007-0433.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2007-0433","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2007-0433"},"summary":{"title":"CVE-2007-0433","description":"Unspecified vulnerability in BEA AquaLogic Enterprise Security 2.0 through 2.0 SP2, 2.1 through 2.1 SP1, and 2.2, when using Active Directory LDAP for authentication, allows remote authenticated users to access the server even after the account has been disabled.","state":"PUBLISHED","assigner":"mitre","published_at":"2007-01-23 02:28:00","updated_at":"2026-04-23 00:35:47"},"problem_types":["NVD-CWE-Other","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"6.5","severity":"","vector":"AV:N/AC:L/Au:S/C:P/I:P/A:P","data":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"}}],"references":[{"url":"http://secunia.com/advisories/23786","name":"http://secunia.com/advisories/23786","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"BEA AquaLogic Weakness and Multiple Vulnerabilities - Secunia Advisories - Vulnerability Intelligence - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://dev2dev.bea.com/pub/advisory/221","name":"http://dev2dev.bea.com/pub/advisory/221","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Upgrade and patch are available to disable users in Active Directory LDAP server","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://securitytracker.com/id?1017524","name":"http://securitytracker.com/id?1017524","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"SecurityTracker.com Archives - BEA AquaLogic Enterprise Security Lets Disabled User Accounts Access the System","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/22082","name":"http://www.securityfocus.com/bid/22082","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"BEA Multiple Products Multiple Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://osvdb.org/32861","name":"http://osvdb.org/32861","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2007-0433","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2007-0433","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2007","cve_id":"433","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bea","cpe5":"aqualogic_service_bus","cpe6":"2.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"433","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bea","cpe5":"aqualogic_service_bus","cpe6":"2.0","cpe7":"sp1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"433","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bea","cpe5":"aqualogic_service_bus","cpe6":"2.0","cpe7":"sp2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"433","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bea","cpe5":"aqualogic_service_bus","cpe6":"2.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"433","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bea","cpe5":"aqualogic_service_bus","cpe6":"2.1","cpe7":"sp1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"433","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bea","cpe5":"aqualogic_service_bus","cpe6":"2.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T12:19:30.075Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"BEA07-154.00","tags":["vendor-advisory","x_refsource_BEA","x_transferred"],"url":"http://dev2dev.bea.com/pub/advisory/221"},{"name":"22082","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/22082"},{"name":"23786","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/23786"},{"name":"32861","tags":["vdb-entry","x_refsource_OSVDB","x_transferred"],"url":"http://osvdb.org/32861"},{"name":"1017524","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://securitytracker.com/id?1017524"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2007-01-17T00:00:00.000Z","descriptions":[{"lang":"en","value":"Unspecified vulnerability in BEA AquaLogic Enterprise Security 2.0 through 2.0 SP2, 2.1 through 2.1 SP1, and 2.2, when using Active Directory LDAP for authentication, allows remote authenticated users to access the server even after the account has been disabled."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2007-09-13T09:00:00.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"BEA07-154.00","tags":["vendor-advisory","x_refsource_BEA"],"url":"http://dev2dev.bea.com/pub/advisory/221"},{"name":"22082","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/22082"},{"name":"23786","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/23786"},{"name":"32861","tags":["vdb-entry","x_refsource_OSVDB"],"url":"http://osvdb.org/32861"},{"name":"1017524","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://securitytracker.com/id?1017524"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2007-0433","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Unspecified vulnerability in BEA AquaLogic Enterprise Security 2.0 through 2.0 SP2, 2.1 through 2.1 SP1, and 2.2, when using Active Directory LDAP for authentication, allows remote authenticated users to access the server even after the account has been disabled."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"BEA07-154.00","refsource":"BEA","url":"http://dev2dev.bea.com/pub/advisory/221"},{"name":"22082","refsource":"BID","url":"http://www.securityfocus.com/bid/22082"},{"name":"23786","refsource":"SECUNIA","url":"http://secunia.com/advisories/23786"},{"name":"32861","refsource":"OSVDB","url":"http://osvdb.org/32861"},{"name":"1017524","refsource":"SECTRACK","url":"http://securitytracker.com/id?1017524"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2007-0433","datePublished":"2007-01-23T02:00:00.000Z","dateReserved":"2007-01-22T00:00:00.000Z","dateUpdated":"2024-08-07T12:19:30.075Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2007-01-23 02:28:00","lastModifiedDate":"2026-04-23 00:35:47","problem_types":["NVD-CWE-Other","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":true,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:bea:aqualogic_service_bus:2.0:*:*:*:*:*:*:*","matchCriteriaId":"23565F9E-2EBC-486E-BC09-F80F3B36605C"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:aqualogic_service_bus:2.0:sp1:*:*:*:*:*:*","matchCriteriaId":"97E9CD0B-3756-486C-842D-6DF8F2E0F958"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:aqualogic_service_bus:2.0:sp2:*:*:*:*:*:*","matchCriteriaId":"1B7DDF94-2BDE-4140-9C49-E13F55CB20E2"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:aqualogic_service_bus:2.1:*:*:*:*:*:*:*","matchCriteriaId":"5DA30C95-CD31-49DD-80FC-567C2E73E1A4"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:aqualogic_service_bus:2.1:sp1:*:*:*:*:*:*","matchCriteriaId":"C8957182-15B8-48B2-AF78-194C1BB3E2C1"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:aqualogic_service_bus:2.2:*:*:*:*:*:*:*","matchCriteriaId":"1BB0FDF9-0CDD-49D1-838A-B368847EE49C"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2007","CveId":"433","Ordinal":"1","Title":"CVE-2007-0433","CVE":"CVE-2007-0433","Year":"2007"},"notes":[{"CveYear":"2007","CveId":"433","Ordinal":"1","NoteData":"Unspecified vulnerability in BEA AquaLogic Enterprise Security 2.0 through 2.0 SP2, 2.1 through 2.1 SP1, and 2.2, when using Active Directory LDAP for authentication, allows remote authenticated users to access the server even after the account has been disabled.","Type":"Description","Title":"CVE-2007-0433"},{"CveYear":"2007","CveId":"433","Ordinal":"2","NoteData":"2007-01-22","Type":"Other","Title":"Published"},{"CveYear":"2007","CveId":"433","Ordinal":"3","NoteData":"2007-09-13","Type":"Other","Title":"Modified"}]}}}