Remote Domain Authorization Bypass in BEA Tuxedo 7.1

Remote Domain Authorization Bypass in BEA Tuxedo 7.1

CVE-2001-1477 · MEDIUM Severity

AV:L/AC:L/AU:N/C:P/I:P/A:P

The Domain gateway in BEA Tuxedo 7.1 does not perform authorization checks for imported services and qspaces on remote domains, even when an ACL exists, which allows users to access services in a remote domain.

Learn more about our User Device Pen Test.