PT-2007-1880 · Bea · Bea Weblogic

Published: 2007-01-23 · Updated: 2011-03-08 · CVE-2007-0409

CVSS v2.0: 1.5 (Low)

Vector: AV:L/AC:M/Au:S/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions

BEA WebLogic versions 7.0 through 7.0 SP6

BEA WebLogic versions 8.1 through 8.1 SP4

BEA WebLogic version 9.0 initial release

Description

The issue allows local administrative users to read cleartext passwords stored in the JDBCDataSourceFactory MBean Properties due to a lack of encryption.

Recommendations

For BEA WebLogic versions 7.0 through 7.0 SP6, consider restricting access to the JDBCDataSourceFactory MBean Properties to minimize the risk of exploitation.

For BEA WebLogic versions 8.1 through 8.1 SP4, consider restricting access to the JDBCDataSourceFactory MBean Properties to minimize the risk of exploitation.

For BEA WebLogic version 9.0 initial release, consider restricting access to the JDBCDataSourceFactory MBean Properties to minimize the risk of exploitation.


Related identifiers

CVE-2007-0409

Affected products

Bea Weblogic