PT-2004-3215 · Bea · Bea Weblogic Express+1

Published

2004-12-31

Updated

2017-07-11

CVE-2004-2321

CVSS v2.0

2.1

Low

Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions: BEA WebLogic Server and Express versions 8.1 SP1 and earlier

Description: The issue allows local users in the Operator role to obtain administrator passwords via MBean attributes, including ServerStartMBean.Password and NodeManagerMBean.CertificatePassword.

Recommendations: For BEA WebLogic Server and Express versions 8.1 SP1 and earlier, restrict access to the MBean attributes ServerStartMBean.Password and NodeManagerMBean.CertificatePassword to prevent unauthorized users from obtaining administrator passwords.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2004-2321

Affected Products

Bea Weblogic Express

Bea Weblogic Server

PT-2004-3215 · Bea · Bea Weblogic Express+1

CVE-2004-2321

Related Identifiers

Affected Products

References · 6