PT-2003-2382 · Bea · Bea Weblogic Server+1

Published

2003-12-31

Updated

2018-10-30

CVE-2003-1437

CVSS v2.0

2.1

Low

Vector

AV:L/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions BEA WebLogic Express and WebLogic Server versions 7.0 and 7.0.0.1

Description The issue allows local users to gain access by storing passwords in plaintext when a keystore is used to store a private key or trust certificate authorities.

Recommendations For BEA WebLogic Express and WebLogic Server versions 7.0 and 7.0.0.1, consider restricting access to the keystore to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2003-1437

Affected Products

Bea Weblogic Express

Bea Weblogic Server

PT-2003-2382 · Bea · Bea Weblogic Server+1

CVE-2003-1437

Related Identifiers

Affected Products

References · 5