PT-2004-2661 · Bea · Bea Weblogic Server
Published
2004-12-31
·
Updated
2017-07-11
·
CVE-2004-1757
CVSS v2.0
4.6
Medium
| Vector | AV:L/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
BEA WebLogic Server and Express versions 8.1, SP1 and earlier
Description
The issue allows local users to gain privileges because the administrator password is stored in cleartext in the config.xml file.
Recommendations
For versions 8.1, SP1 and earlier, consider restricting access to the config.xml file to minimize the risk of exploitation.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Bea Weblogic Server