{"api_version":"1","generated_at":"2026-04-23T07:00:02+00:00","cve":"CVE-2007-2699","urls":{"html":"https://cve.report/CVE-2007-2699","api":"https://cve.report/api/cve/CVE-2007-2699.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2007-2699","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2007-2699"},"summary":{"title":"CVE-2007-2699","description":"The Administration Console in BEA WebLogic Express and WebLogic Server 9.0 and 9.1 does not properly enforce certain Domain Security Policies, which allows remote administrative users in the Deployer role to upload arbitrary files.","state":"PUBLISHED","assigner":"mitre","published_at":"2007-05-16 01:19:00","updated_at":"2026-04-23 00:35:47"},"problem_types":["NVD-CWE-Other","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"7.1","severity":"","vector":"AV:N/AC:H/Au:S/C:C/I:C/A:C","data":{"version":"2.0","vectorString":"AV:N/AC:H/Au:S/C:C/I:C/A:C","baseScore":7.1,"accessVector":"NETWORK","accessComplexity":"HIGH","authentication":"SINGLE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"}}],"references":[{"url":"http://dev2dev.bea.com/pub/advisory/231","name":"http://dev2dev.bea.com/pub/advisory/231","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"],"title":"Security policy may not be applied to WebLogic administration deployers when uploading archives","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://securitytracker.com/id?1018057","name":"http://securitytracker.com/id?1018057","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"],"title":"SecurityTracker.com Archives - BEA WebLogic Server Multiple Bugs Let Remote Users Deny Service, Gain Elevated Privileges","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://osvdb.org/36069","name":"http://osvdb.org/36069","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"0"},{"url":"http://packetstormsecurity.com/files/153072/Oracle-Application-Testing-Suite-WebLogic-Server-Administration-Console-War-Deployment.html","name":"http://packetstormsecurity.com/files/153072/Oracle-Application-Testing-Suite-WebLogic-Server-Administration-Console-War-Deployment.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Oracle Application Testing Suite WebLogic Server Administration Console War Deployment ≈ Packet Storm","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/34289","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/34289","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/25284","name":"http://secunia.com/advisories/25284","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"BEA Products Multiple Vulnerabilities - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2007/1815","name":"http://www.vupen.com/english/advisories/2007/1815","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2007-2699","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2007-2699","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2007","cve_id":"2699","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bea","cpe5":"weblogic_server","cpe6":"9.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"2699","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bea","cpe5":"weblogic_server","cpe6":"9.0","cpe7":"*","cpe8":"express","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"2699","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bea","cpe5":"weblogic_server","cpe6":"9.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"2699","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bea","cpe5":"weblogic_server","cpe6":"9.1","cpe7":"*","cpe8":"express","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T13:49:57.306Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"BEA07-164.00","tags":["vendor-advisory","x_refsource_BEA","x_transferred"],"url":"http://dev2dev.bea.com/pub/advisory/231"},{"name":"36069","tags":["vdb-entry","x_refsource_OSVDB","x_transferred"],"url":"http://osvdb.org/36069"},{"name":"weblogic-adminconsole-insecure-permissions(34289)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/34289"},{"name":"1018057","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://securitytracker.com/id?1018057"},{"name":"25284","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/25284"},{"name":"ADV-2007-1815","tags":["vdb-entry","x_refsource_VUPEN","x_transferred"],"url":"http://www.vupen.com/english/advisories/2007/1815"},{"tags":["x_refsource_MISC","x_transferred"],"url":"http://packetstormsecurity.com/files/153072/Oracle-Application-Testing-Suite-WebLogic-Server-Administration-Console-War-Deployment.html"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2007-05-14T00:00:00.000Z","descriptions":[{"lang":"en","value":"The Administration Console in BEA WebLogic Express and WebLogic Server 9.0 and 9.1 does not properly enforce certain Domain Security Policies, which allows remote administrative users in the Deployer role to upload arbitrary files."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2019-05-28T16:06:05.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"BEA07-164.00","tags":["vendor-advisory","x_refsource_BEA"],"url":"http://dev2dev.bea.com/pub/advisory/231"},{"name":"36069","tags":["vdb-entry","x_refsource_OSVDB"],"url":"http://osvdb.org/36069"},{"name":"weblogic-adminconsole-insecure-permissions(34289)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/34289"},{"name":"1018057","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://securitytracker.com/id?1018057"},{"name":"25284","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/25284"},{"name":"ADV-2007-1815","tags":["vdb-entry","x_refsource_VUPEN"],"url":"http://www.vupen.com/english/advisories/2007/1815"},{"tags":["x_refsource_MISC"],"url":"http://packetstormsecurity.com/files/153072/Oracle-Application-Testing-Suite-WebLogic-Server-Administration-Console-War-Deployment.html"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2007-2699","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"The Administration Console in BEA WebLogic Express and WebLogic Server 9.0 and 9.1 does not properly enforce certain Domain Security Policies, which allows remote administrative users in the Deployer role to upload arbitrary files."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"BEA07-164.00","refsource":"BEA","url":"http://dev2dev.bea.com/pub/advisory/231"},{"name":"36069","refsource":"OSVDB","url":"http://osvdb.org/36069"},{"name":"weblogic-adminconsole-insecure-permissions(34289)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/34289"},{"name":"1018057","refsource":"SECTRACK","url":"http://securitytracker.com/id?1018057"},{"name":"25284","refsource":"SECUNIA","url":"http://secunia.com/advisories/25284"},{"name":"ADV-2007-1815","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2007/1815"},{"name":"http://packetstormsecurity.com/files/153072/Oracle-Application-Testing-Suite-WebLogic-Server-Administration-Console-War-Deployment.html","refsource":"MISC","url":"http://packetstormsecurity.com/files/153072/Oracle-Application-Testing-Suite-WebLogic-Server-Administration-Console-War-Deployment.html"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2007-2699","datePublished":"2007-05-16T01:00:00.000Z","dateReserved":"2007-05-15T00:00:00.000Z","dateUpdated":"2024-08-07T13:49:57.306Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2007-05-16 01:19:00","lastModifiedDate":"2026-04-23 00:35:47","problem_types":["NVD-CWE-Other","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:H/Au:S/C:C/I:C/A:C","baseScore":7.1,"accessVector":"NETWORK","accessComplexity":"HIGH","authentication":"SINGLE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":3.9,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":true,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:9.0:*:*:*:*:*:*:*","matchCriteriaId":"3CA97F1A-49F7-4511-8959-D62155491DF5"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:9.0:*:express:*:*:*:*:*","matchCriteriaId":"0EDB38AA-CAC4-4C89-8484-7C2A75F8038F"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:9.1:*:*:*:*:*:*:*","matchCriteriaId":"DCAAE8F1-CB25-4871-BE48-ABF7DFAD8AD6"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:9.1:*:express:*:*:*:*:*","matchCriteriaId":"17280B97-D499-434E-BD89-FD348E9E2E0C"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2007","CveId":"2699","Ordinal":"1","Title":"CVE-2007-2699","CVE":"CVE-2007-2699","Year":"2007"},"notes":[{"CveYear":"2007","CveId":"2699","Ordinal":"1","NoteData":"The Administration Console in BEA WebLogic Express and WebLogic Server 9.0 and 9.1 does not properly enforce certain Domain Security Policies, which allows remote administrative users in the Deployer role to upload arbitrary files.","Type":"Description","Title":"CVE-2007-2699"},{"CveYear":"2007","CveId":"2699","Ordinal":"2","NoteData":"2007-05-15","Type":"Other","Title":"Published"},{"CveYear":"2007","CveId":"2699","Ordinal":"3","NoteData":"2019-05-28","Type":"Other","Title":"Modified"}]}}}