Lucene search

[email protected]CVE-2003-0640

HistoryAug 27, 2003 - 4:00 a.m.

CVE-2003-0640

2003-08-2704:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

bea weblogic server

nodemanager

operator users

admin privileges

cve-2003-0640

nvd

7.6 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.002 Low

EPSS

Percentile

60.2%

JSON

BEA WebLogic Server and Express, when using NodeManager to start servers, provides Operator users with privileges to overwrite usernames and passwords, which may allow Operators to gain Admin privileges.

CPENameOperatorVersion
bea:weblogic_serverbea weblogic servereq*

CPE	Name	Operator	Version
bea:weblogic_server	bea weblogic server	eq	*

References

dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-33.jsp

www.secunia.com/advisories/9232/

7.6 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.002 Low

EPSS

Percentile

60.2%

JSON

Related for CVE-2003-0640

cvelist1