1.5
CVE-2007-0409
- EPSS 0.28%
- Veröffentlicht 23.01.2007 00:28:00
- Zuletzt bearbeitet 16.06.2026 22:35:30
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
BEA WebLogic 7.0 through 7.0 SP6, 8.1 through 8.1 SP4, and 9.0 initial release does not encrypt passwords stored in the JDBCDataSourceFactory MBean Properties, which allows local administrative users to read the cleartext password.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Bea ≫ Weblogic Server Updatesp6 Version <= 7.0
Bea ≫ Weblogic Server Updatesp4 Version <= 8.1
Bea ≫ Weblogic Server Version7.0
Bea ≫ Weblogic Server Version8.1
Bea ≫ Weblogic Server Version9.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.28% | 0.199 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 1.5 | 2.7 | 2.9 |
AV:L/AC:M/Au:S/C:P/I:N/A:N
|
http://secunia.com/advisories/23750
http://www.securityfocus.com/bid/22082
http://www.vupen.com/english/advisories/2007/0213
http://dev2dev.bea.com/pub/advisory/203
http://osvdb.org/38501
http://securitytracker.com/id?1017525