CVE-2004-0470

Name: CVE-2004-0470
Creator: NVD / NIST
Published: 2004-07-07T04:00:00+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 2.69%

Last modified Jun 16, 2026

CVE-2004-0470 is a vulnerability of currently unknown severity. BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1 through SP2, when editing weblogic.xml using WebLogic Builder or the SecurityRoleAssignmentMBean.toXML method, inadvertently removes security-role-assignment tags when weblogic.xml does not have a principal-name tag, which can remove intended access restrictions for the associated web application.. EPSS estimates a 2.69% chance of exploitation in the next 30 days.

Description

BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1 through SP2, when editing weblogic.xml using WebLogic Builder or the SecurityRoleAssignmentMBean.toXML method, inadvertently removes security-role-assignment tags when weblogic.xml does not have a principal-name tag, which can remove intended access restrictions for the associated web application.

Metrics

EPSS Probability

2.69%

83.9th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

Vendor	Product	Versions
Bea	Weblogic Server	7.0
Bea	Weblogic Server	8.1

References

http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_59.00.jspPatch, Vendor Advisory
http://secunia.com/advisories/11593
http://securitytracker.com/id?1010128
http://www.kb.cert.org/vuls/id/950070Third Party Advisory, US Government Resource
http://www.osvdb.org/6076
http://www.securityfocus.com/bid/10328
https://exchange.xforce.ibmcloud.com/vulnerabilities/16123
http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_59.00.jspPatch, Vendor Advisory
http://secunia.com/advisories/11593
http://securitytracker.com/id?1010128
http://www.kb.cert.org/vuls/id/950070Third Party Advisory, US Government Resource
http://www.osvdb.org/6076
http://www.securityfocus.com/bid/10328
https://exchange.xforce.ibmcloud.com/vulnerabilities/16123

Timeline

Published: Jul 7, 2004
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2004-0470?

How severe is CVE-2004-0470?

Severity scoring for CVE-2004-0470 is pending analysis. The EPSS model estimates a 2.69% probability of exploitation in the next 30 days.

How do I fix CVE-2004-0470?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2004-0470?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST