Lucene search

[email protected]CVE-2003-1222

HistoryAug 16, 2005 - 4:00 a.m.

CVE-2003-1222

2005-08-1604:00:00

[email protected]

web.nvd.nist.gov

cve-2003-1222

bea weblogic

server 8.0

server 8.1

jms

security vulnerability

cleartext password

config.xml

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.1 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

61.1%

JSON

BEA Weblogic Express and Server 8.0 through 8.1 SP 1, when using a foreign Java Message Service (JMS) provider, echoes the password for the foreign provider to the console and stores it in cleartext in config.xml, which could allow attackers to obtain the password.

Affected configurations

NVD

Node

beaweblogic_serverMatch8.1

beaweblogic_serverMatch8.1express

beaweblogic_serverMatch8.1sp1

beaweblogic_serverMatch8.1sp1express

CPENameOperatorVersion
bea:weblogic_serverbea weblogic servereq8.1

CPE	Name	Operator	Version
bea:weblogic_server	bea weblogic server	eq	8.1

References

dev2dev.bea.com/pub/advisory/63

www.securityfocus.com/bid/9034

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.1 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

61.1%

JSON

Related for CVE-2003-1222

cvelist1 nvd1