Lucene search

[email protected]CVE-2006-0427

HistoryJan 25, 2006 - 11:07 p.m.

CVE-2006-0427

2006-01-2523:07:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2006-0427

bea

weblogic server

weblogic express

vulnerability

ejb

servlet applications

system passwords

decryption

nvd

7.5 High

AI Score

Confidence

Low

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

29.6%

JSON

Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 9.0 and 8.1 through SP5 allows malicious EJBs or servlet applications to decrypt system passwords, possibly by accessing functionality that should have been restricted.

CPENameOperatorVersion
bea:weblogic_serverbea weblogic servereq9.0
bea:weblogic_serverbea weblogic servereq8.1

CPE	Name	Operator	Version
bea:weblogic_server	bea weblogic server	eq	9.0
bea:weblogic_server	bea weblogic server	eq	8.1

References

dev2dev.bea.com/pub/advisory/171

secunia.com/advisories/18592

securitytracker.com/id?1015528

www.osvdb.org/22774

www.securityfocus.com/bid/16358

www.vupen.com/english/advisories/2006/0313

exchange.xforce.ibmcloud.com/vulnerabilities/24291

7.5 High

AI Score

Confidence

Low

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

29.6%

JSON

Related for CVE-2006-0427

prion1