Lucene search

[email protected]CVE-2004-0712

HistoryJul 27, 2004 - 4:00 a.m.

CVE-2004-0712

2004-07-2704:00:00

[email protected]

web.nvd.nist.gov

bea weblogic

server 8.1

sp2

configuration tools

vulnerability

cleartext credentials

local privilege escalation

nvd

7.2 High

AI Score

Confidence

Low

4.6 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

5.3%

JSON

The configuration tools (1) config.sh in Unix or (2) config.cmd in Windows for BEA WebLogic Server 8.1 through SP2 create a log file that contains the administrative username and password in cleartext, which could allow local users to gain privileges.

Affected configurations

NVD

Node

beaweblogic_serverMatch8.1

beaweblogic_serverMatch8.1express

beaweblogic_serverMatch8.1win32

beaweblogic_serverMatch8.1sp1

beaweblogic_serverMatch8.1sp1express

beaweblogic_serverMatch8.1sp1win32

beaweblogic_serverMatch8.1sp2

beaweblogic_serverMatch8.1sp2express

beaweblogic_serverMatch8.1sp2win32

CPENameOperatorVersion
bea:weblogic_serverbea weblogic servereq8.1

CPE	Name	Operator	Version
bea:weblogic_server	bea weblogic server	eq	8.1

References

dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_58.00.jsp

www.kb.cert.org/vuls/id/574222

www.securityfocus.com/bid/10188

exchange.xforce.ibmcloud.com/vulnerabilities/15926

7.2 High

AI Score

Confidence

Low

4.6 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

5.3%

JSON

Related for CVE-2004-0712

nvd1 cvelist1