ID CVE-2007-0409
Summary BEA WebLogic 7.0 through 7.0 SP6, 8.1 through 8.1 SP4, and 9.0 initial release does not encrypt passwords stored in the JDBCDataSourceFactory MBean Properties, which allows local administrative users to read the cleartext password.
References
Vulnerable Configurations
  • cpe:2.3:a:bea:weblogic_server:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:5.1:sp6:*:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:5.1:sp6:express:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:5.1:sp6:win32:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:6.1:sp6:*:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:6.1:sp6:express:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:6.1:sp6:win32:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:7.0:sp6:*:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:7.0:sp6:*:*:express:*:*:*
  • cpe:2.3:a:bea:weblogic_server:8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:5.1:sp4:*:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:5.1:sp4:express:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:5.1:sp4:win32:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:6.1:sp4:*:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:6.1:sp4:express:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:6.1:sp4:win32:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:7.0:sp4:*:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:7.0:sp4:*:*:express:*:*:*
  • cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp4:*:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp4:express:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:8.1:sp4:*:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:8.1:sp4:express:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:8.1:sp4:win32:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:9.0:*:*:*:*:*:*:*
CVSS
Base: 1.5 (as of 08-03-2011 - 02:49)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
  Vector: LOCAL
  Complexity: MEDIUM
  Authentication: SINGLE
Impact
  Confidentiality: PARTIAL
  Integrity: NONE
  Availability: NONE
cvss-vector via4 AV:L/AC:M/Au:S/C:P/I:N/A:N
refmap via4
bea BEA07-136.00
bid 22082
osvdb 38501
sectrack 1017525
secunia 23750
vupen ADV-2007-0213
Last major update 08-03-2011 - 02:49
Published 23-01-2007 - 00:28
Last modified 08-03-2011 - 02:49