Lucene search

[email protected]CVE-2006-0423

HistoryJan 25, 2006 - 11:07 p.m.

CVE-2006-0423

2006-01-2523:07:00

[email protected]

web.nvd.nist.gov

cve-2006-0423

bea weblogic portal

password storage

rdbms authentication provider

cleartext

config.xml

privilege escalation

nvd

7 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.024 Low

EPSS

Percentile

90.0%

JSON

BEA WebLogic Portal 8.1 through SP3 stores the password for the RDBMS Authentication provider in cleartext in the config.xml file, which allows attackers to gain privileges.

Affected configurations

NVD

Node

oracleweblogic_portalMatch8.1

oracleweblogic_portalMatch8.1sp1

oracleweblogic_portalMatch8.1sp2

oracleweblogic_portalMatch8.1sp3

CPENameOperatorVersion
oracle:weblogic_portaloracle weblogic portaleq8.1

CPE	Name	Operator	Version
oracle:weblogic_portal	oracle weblogic portal	eq	8.1

References

dev2dev.bea.com/pub/advisory/167

dev2dev.bea.com/pub/advisory/262

secunia.com/advisories/18593

securitytracker.com/id?1015528

www.securityfocus.com/bid/16358

www.vupen.com/english/advisories/2006/0312

www.vupen.com/english/advisories/2008/0613

exchange.xforce.ibmcloud.com/vulnerabilities/24284

exchange.xforce.ibmcloud.com/vulnerabilities/40705

7 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.024 Low

EPSS

Percentile

90.0%

JSON

Related for CVE-2006-0423

prion1 cvelist1 nvd1