Lucene search

[email protected]CVE-2003-0623

HistoryDec 01, 2003 - 5:00 a.m.

CVE-2003-0623

2003-12-0105:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2003-0623

cross-site scripting

xss

bea tuxedo

administration console

inifile argument

vulnerability

6.5 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

67.9%

JSON

Cross-site scripting (XSS) vulnerability in the Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to inject arbitrary web script via the INIFILE argument.

CPENameOperatorVersion
bea:tuxedobea tuxedoeq8.0
bea:tuxedobea tuxedoeq7.1
bea:weblogic_serverbea weblogic servereq4.2
bea:tuxedobea tuxedoeq6.5
bea:weblogic_serverbea weblogic servereq5.1
bea:tuxedobea tuxedoeq6.3
bea:tuxedobea tuxedoeq6.4
bea:tuxedobea tuxedoeq8.1
bea:weblogic_serverbea weblogic servereq5.0.1

CPE	Name	Operator	Version
bea:tuxedo	bea tuxedo	eq	8.0
bea:tuxedo	bea tuxedo	eq	7.1
bea:weblogic_server	bea weblogic server	eq	4.2
bea:tuxedo	bea tuxedo	eq	6.5
bea:weblogic_server	bea weblogic server	eq	5.1
bea:tuxedo	bea tuxedo	eq	6.3
bea:tuxedo	bea tuxedo	eq	6.4
bea:tuxedo	bea tuxedo	eq	8.1
bea:weblogic_server	bea weblogic server	eq	5.0.1

References

dev2dev.bea.com/resourcelibrary/advisoriesnotifications/advisory03_38_00.jsp

marc.info/?l=bugtraq&m=106762000607681&w=2

www.securityfocus.com/bid/8931

exchange.xforce.ibmcloud.com/vulnerabilities/13561

6.5 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

67.9%

JSON

Related for CVE-2003-0623

cvelist1