CVE-2003-1222

Name of the Vulnerable Software and Affected Versions BEA Weblogic Express and Server versions 8.0 through 8.1 SP 1

Description The issue allows attackers to obtain the password for a foreign Java Message Service (JMS) provider. When using such a provider, the password is echoed to the console and stored in cleartext in config.xml.

Recommendations For versions 8.0 through 8.1 SP 1, consider restricting access to the config.xml file to minimize the risk of password exposure. As a temporary workaround, avoid using foreign JMS providers until a fix is available.