Lucene search

[email protected]CVE-2005-4762

HistoryOct 03, 2022 - 4:22 p.m.

CVE-2005-4762

2022-10-0316:22:45

[email protected]

web.nvd.nist.gov

cve-2005-4762

bea weblogic server

weblogic express

security vulnerability

password storage

local users

administrative privileges

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.2 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 and earlier, and 6.1 SP7 and earlier sometimes stores the boot password in the registry in cleartext, which might allow local users to gain administrative privileges.

Affected configurations

NVD

Node

beaweblogic_serverMatch6.1

beaweblogic_serverMatch6.1express

beaweblogic_serverMatch6.1win32

beaweblogic_serverMatch6.1sp1

beaweblogic_serverMatch6.1sp1express

beaweblogic_serverMatch6.1sp1win32

beaweblogic_serverMatch6.1sp2

beaweblogic_serverMatch6.1sp2express

beaweblogic_serverMatch6.1sp2win32

beaweblogic_serverMatch6.1sp3

beaweblogic_serverMatch6.1sp3express

beaweblogic_serverMatch6.1sp3win32

beaweblogic_serverMatch6.1sp4

beaweblogic_serverMatch6.1sp4express

beaweblogic_serverMatch6.1sp4win32

beaweblogic_serverMatch6.1sp5

beaweblogic_serverMatch6.1sp5express

beaweblogic_serverMatch6.1sp5win32

beaweblogic_serverMatch6.1sp6win32

beaweblogic_serverMatch6.1sp7

beaweblogic_serverMatch6.1sp7express

beaweblogic_serverMatch6.1sp7win32

beaweblogic_serverMatch7.0

beaweblogic_serverMatch7.0express

beaweblogic_serverMatch7.0win32

beaweblogic_serverMatch7.0sp1

beaweblogic_serverMatch7.0sp1express

beaweblogic_serverMatch7.0sp1win32

beaweblogic_serverMatch7.0sp2

beaweblogic_serverMatch7.0sp2express

beaweblogic_serverMatch7.0sp2win32

beaweblogic_serverMatch7.0sp3

beaweblogic_serverMatch7.0sp3express

beaweblogic_serverMatch7.0sp3win32

beaweblogic_serverMatch7.0sp4

beaweblogic_serverMatch7.0sp4express

beaweblogic_serverMatch7.0sp4win32

beaweblogic_serverMatch7.0sp5

beaweblogic_serverMatch7.0sp5express

beaweblogic_serverMatch7.0sp5win32

beaweblogic_serverMatch7.0sp6

beaweblogic_serverMatch7.0sp6express

beaweblogic_serverMatch7.0sp6win32

beaweblogic_serverMatch8.1

beaweblogic_serverMatch8.1express

beaweblogic_serverMatch8.1win32

beaweblogic_serverMatch8.1sp1

beaweblogic_serverMatch8.1sp1express

beaweblogic_serverMatch8.1sp1win32

beaweblogic_serverMatch8.1sp2

beaweblogic_serverMatch8.1sp2express

beaweblogic_serverMatch8.1sp2win32

beaweblogic_serverMatch8.1sp3

beaweblogic_serverMatch8.1sp3express

beaweblogic_serverMatch8.1sp3win32

beaweblogic_serverMatch8.1sp4

beaweblogic_serverMatch8.1sp4express

beaweblogic_serverMatch8.1sp4win32

CPENameOperatorVersion
bea:weblogic_serverbea weblogic servereq6.1
bea:weblogic_serverbea weblogic servereq7.0
bea:weblogic_serverbea weblogic servereq8.1

CPE	Name	Operator	Version
bea:weblogic_server	bea weblogic server	eq	6.1
bea:weblogic_server	bea weblogic server	eq	7.0
bea:weblogic_server	bea weblogic server	eq	8.1

References

dev2dev.bea.com/pub/advisory/153

secunia.com/advisories/17138

www.securityfocus.com/bid/15052

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.2 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2005-4762

nvd1 cvelist1