| Vulnerability Name: | CCN-11218 | ||||||
| Published: | 2002-01-31 | ||||||
| Updated: | 2002-01-31 | ||||||
| Summary: | BEA WebLogic Server, Express, and Enterprise could allow a local attacker to obtain the WebLogic Server password in plain text, caused by a vulnerability in the Node Manager. The Node Manager is a remote management feature for WebLogic Managed Servers. If a local attacker with access to the computer hosting the Managed Server runs certain programs that display process parameters, the attacker could view the plaintext WebLogic server password. This vulnerability could be used to gain unauthorized access to the WebLogic Server. | ||||||
| CVSS v3 Severity: | 4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
| ||||||
| CVSS v2 Severity: | 2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N)
| ||||||
| Vulnerability Consequences: | Obtain Information | ||||||
| References: | Source: XF Type: UNKNOWN weblogic-nodemanager-password-disclosure(11218) Source: CCN Type: BEA Systems, Inc. Security Advisory (BEA02-15.00) Patch available to protect password | ||||||
| Vulnerable Configuration: | Configuration CCN 1: Denotes that component is vulnerable | ||||||
| BACK | |||||||