CVE-2007-5576

EPSS 0.6%
Published 18.10.2007 21:17:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

BEA Tuxedo 8.0 before RP392 and 8.1 before RP293, and WebLogic Enterprise 5.1 before RP174, echo the password in cleartext, which allows physically proximate attackers to obtain sensitive information via the (1) cnsbind, (2) cnsunbind, or (3) cnsls commands.

Affected products Warnungen 0 Metrics 2 CWE 1 References 7

Data is provided by the National Vulnerability Database (NVD)

Bea ≫ Tuxedo Version8.0

Bea ≫ Tuxedo Version8.1

Bea ≫ Weblogic Integration Version8.1

Bea ≫ Weblogic Integration Version8.1 Updatesp2

Bea ≫ Weblogic Integration Version8.1 Updatesp3

Bea ≫ Weblogic Integration Version8.1 Updatesp4

Bea ≫ Weblogic Integration Version8.1 Updatesp5

Bea ≫ Weblogic Integration Version8.1 Updatesp6

Bea ≫ Weblogic Integration Version9.2

Bea ≫ Weblogic Server Version5.1 Editionenterprise

Bea ≫ Weblogic Server Version6.1 Editionexpress

Bea ≫ Weblogic Server Version6.1 Updatesp1 Editionexpress

Bea ≫ Weblogic Server Version6.1 Updatesp2 Editionexpress

Bea ≫ Weblogic Server Version6.1 Updatesp3 Editionexpress

Bea ≫ Weblogic Server Version6.1 Updatesp4 Editionexpress

Bea ≫ Weblogic Server Version6.1 Updatesp5 Editionexpress

Bea ≫ Weblogic Server Version6.1 Updatesp6 Editionexpress

Bea ≫ Weblogic Server Version6.1 Updatesp7 Editionexpress

Bea ≫ Weblogic Server Version7.0

Bea ≫ Weblogic Server Version7.0 Editionexpress

Bea ≫ Weblogic Server Version7.0 Updatesp1

Bea ≫ Weblogic Server Version7.0 Updatesp1 Editionexpress

Bea ≫ Weblogic Server Version7.0 Updatesp2

Bea ≫ Weblogic Server Version7.0 Updatesp2 Editionexpress

Bea ≫ Weblogic Server Version7.0 Updatesp3

Bea ≫ Weblogic Server Version7.0 Updatesp3 Editionexpress

Bea ≫ Weblogic Server Version7.0 Updatesp4

Bea ≫ Weblogic Server Version7.0 Updatesp4 Editionexpress

Bea ≫ Weblogic Server Version7.0 Updatesp5

Bea ≫ Weblogic Server Version7.0 Updatesp5 Editionexpress

Bea ≫ Weblogic Server Version7.0 Updatesp6

Bea ≫ Weblogic Server Version7.0 Updatesp6 Editionexpress

Bea ≫ Weblogic Server Version7.0 Updatesp7

Bea ≫ Weblogic Server Version7.0 Updatesp7 Editionexpress

Bea ≫ Weblogic Server Version7.0.0.1

Bea ≫ Weblogic Server Version7.0.0.1 Updatesp1

Bea ≫ Weblogic Server Version7.0.0.1 Updatesp2

Bea ≫ Weblogic Server Version7.0.0.1 Updatesp3

Bea ≫ Weblogic Server Version7.0.0.1 Updatesp4

Bea ≫ Weblogic Server Version8.1 Editionexpress

Bea ≫ Weblogic Server Version8.1 Updatesp1 Editionexpress

Bea ≫ Weblogic Server Version8.1 Updatesp2 Editionexpress

Bea ≫ Weblogic Server Version8.1 Updatesp3 Editionexpress

Bea ≫ Weblogic Server Version8.1 Updatesp4 Editionexpress

Bea ≫ Weblogic Server Version8.1 Updatesp5 Editionexpress

Bea ≫ Weblogic Server Version9.0

Bea ≫ Weblogic Server Version9.1

Bea ≫ Weblogic Server Version9.1 Editionexpress

Bea ≫ Weblogic Server Version9.2

Bea ≫ Weblogic Server Version9.2 Editionexpress

Bea ≫ Weblogic Workshop Version8.1 Updatesp2

Bea ≫ Weblogic Workshop Version8.1 Updatesp3

Bea ≫ Weblogic Workshop Version8.1 Updatesp4

Bea ≫ Weblogic Workshop Version8.1 Updatesp5

Bea ≫ Weblogic Workshop Version8.1 Updatesp6

Oracle ≫ Weblogic Portal Version9.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.6%	0.67

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.8	3.1	10	AV:L/AC:L/Au:S/C:C/I:C/A:C

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://dev2dev.bea.com/pub/advisory/226

http://osvdb.org/45478

http://www.vupen.com/english/advisories/2007/1813

https://exchange.xforce.ibmcloud.com/vulnerabilities/34290

https://nvd.nist.gov/vuln/detail/CVE-2007-5576

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-5576

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-5576

EUVD