PT-2004-3215 · Bea · Bea Weblogic Express+1

Publicado

2004-12-31

Atualizado

2017-07-11

CVE-2004-2321

CVSS v2.0

2.1

Baixa

Vetor

AV:L/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions: BEA WebLogic Server and Express versions 8.1 SP1 and earlier

Description: The issue allows local users in the Operator role to obtain administrator passwords via MBean attributes, including ServerStartMBean.Password and NodeManagerMBean.CertificatePassword.

Recommendations: For BEA WebLogic Server and Express versions 8.1 SP1 and earlier, restrict access to the MBean attributes ServerStartMBean.Password and NodeManagerMBean.CertificatePassword to prevent unauthorized users from obtaining administrator passwords.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2004-2321

Produtos afetados

Bea Weblogic Express

Bea Weblogic Server

PT-2004-3215 · Bea · Bea Weblogic Express+1

CVE-2004-2321

Identificadores relacionados

Produtos afetados

Referências · 6