CVE-2004-1758

Sažetak

BEA WebLogic Server and WebLogic Express version 8.1 up to SP2, 7.0 up to SP4, and 6.1 up to SP6 may store the database username and password for an untargeted JDBC connection pool in plaintext in config.xml, which allows local users to gain privileges.

Reference

http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_53.00.jsp
http://secunia.com/advisories/11357
http://securitytracker.com/id?1009764
http://www.kb.cert.org/vuls/id/920238
http://www.osvdb.org/5297
http://www.securityfocus.com/bid/10131
https://exchange.xforce.ibmcloud.com/vulnerabilities/15860

CVSS

Base:	4.6
Impact:	6.4
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:L/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

11-07-2017 - 01:31

Objavljeno

13-04-2004 - 04:00