Lucene search

[email protected]CVE-2007-0409

HistoryJan 23, 2007 - 12:28 a.m.

CVE-2007-0409

2007-01-2300:28:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2007-0409

bea weblogic

vulnerability

password encryption

nvd

6.2 Medium

AI Score

Confidence

Low

1.5 Low

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:S/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

30.1%

JSON

BEA WebLogic 7.0 through 7.0 SP6, 8.1 through 8.1 SP4, and 9.0 initial release does not encrypt passwords stored in the JDBCDataSourceFactory MBean Properties, which allows local administrative users to read the cleartext password.

CPENameOperatorVersion
bea:weblogic_serverbea weblogic servereq8.1
bea:weblogic_serverbea weblogic servereq9.0
bea:weblogic_serverbea weblogic servereq7.0

CPE	Name	Operator	Version
bea:weblogic_server	bea weblogic server	eq	8.1
bea:weblogic_server	bea weblogic server	eq	9.0
bea:weblogic_server	bea weblogic server	eq	7.0

References

dev2dev.bea.com/pub/advisory/203

osvdb.org/38501

secunia.com/advisories/23750

securitytracker.com/id?1017525

www.securityfocus.com/bid/22082

www.vupen.com/english/advisories/2007/0213

6.2 Medium

AI Score

Confidence

Low

1.5 Low

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:S/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

30.1%

JSON

Related for CVE-2007-0409

prion1 securityvulns1