7.5
CVE-2006-0423
- EPSS 3.64%
- Veröffentlicht 25.01.2006 23:07:00
- Zuletzt bearbeitet 16.06.2026 22:20:34
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
BEA WebLogic Portal 8.1 through SP3 stores the password for the RDBMS Authentication provider in cleartext in the config.xml file, which allows attackers to gain privileges.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Oracle ≫ Weblogic Portal Version8.1
Oracle ≫ Weblogic Portal Version8.1 Updatesp1
Oracle ≫ Weblogic Portal Version8.1 Updatesp2
Oracle ≫ Weblogic Portal Version8.1 Updatesp3
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 3.64% | 0.881 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
http://securitytracker.com/id?1015528
http://www.securityfocus.com/bid/16358
http://dev2dev.bea.com/pub/advisory/167
http://dev2dev.bea.com/pub/advisory/262
http://secunia.com/advisories/18593
http://www.vupen.com/english/advisories/2006/0312
http://www.vupen.com/english/advisories/2008/0613
https://exchange.xforce.ibmcloud.com/vulnerabilities/24284
https://exchange.xforce.ibmcloud.com/vulnerabilities/40705