CVE-2007-0409
Published Jan 23, 2007
Last updated 14 years ago
Overview
- Description
- BEA WebLogic 7.0 through 7.0 SP6, 8.1 through 8.1 SP4, and 9.0 initial release does not encrypt passwords stored in the JDBCDataSourceFactory MBean Properties, which allows local administrative users to read the cleartext password.
- Source
- cve@mitre.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 1.5
- Impact score
- 2.9
- Exploitability score
- 2.7
- Vector string
- AV:L/AC:M/Au:S/C:P/I:N/A:N
Weaknesses
- nvd@nist.gov
- NVD-CWE-Other
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bea:weblogic_server:*:sp6:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "614F8329-684E-4B39-A318-33A8E21270FA",
"versionEndIncluding": "7.0"
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:*:sp4:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "694AF942-2D1E-4CB6-B9BE-AC1C2ACD7381",
"versionEndIncluding": "8.1"
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:7.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F9C5AFCF-79D8-4005-B800-B0C6BD461276"
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:8.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E08D4CEA-9ACC-4869-BC87-3524A059914F"
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:9.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3CA97F1A-49F7-4511-8959-D62155491DF5"
}
],
"operator": "OR"
}
]
}
]