Lucene search

[email protected]CVE-2003-1224

HistoryDec 31, 2003 - 5:00 a.m.

CVE-2003-1224

2003-12-3105:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2003-1224

weblogic

bea weblogic server

express 7.0

jdbcconnectionpoolruntimembean

password

cleartext

shoulder surfing

nvd

6.8 Medium

AI Score

Confidence

Low

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

5.2%

JSON

Weblogic.admin for BEA WebLogic Server and Express 7.0 and 7.0.0.1 displays the JDBCConnectionPoolRuntimeMBean password to the screen in cleartext, which allows attackers to read a user’s password by physically observing (“shoulder surfing”) the screen.

CPENameOperatorVersion
bea:weblogic_serverbea weblogic servereq7.0
bea:weblogic_serverbea weblogic servereq7.0.0.1

CPE	Name	Operator	Version
bea:weblogic_server	bea weblogic server	eq	7.0
bea:weblogic_server	bea weblogic server	eq	7.0.0.1

References

dev2dev.bea.com/pub/advisory/22

www.securityfocus.com/bid/7563

6.8 Medium

AI Score

Confidence

Low

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

5.2%

JSON

Related for CVE-2003-1224

nessus1