| Vulnerability Name: | CVE-2003-1222 (CCN-13750) |
| Assigned: | 2003-11-13 |
| Published: | 2003-11-13 |
| Updated: | 2008-09-10 |
| Summary: | BEA Weblogic Express and Server 8.0 through 8.1 SP 1, when using a foreign Java Message Service (JMS) provider, echoes the password for the foreign provider to the console and stores it in cleartext in config.xml, which could allow attackers to obtain the password. |
| CVSS v3 Severity: | 4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) |
| CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N) |
| Vulnerability Type: | CWE-Other |
| Vulnerability Consequences: | Obtain Information |
| References: | Source: MITRE Type: CNA CVE-2003-1222; Source: CCN Type: BEA Systems, Inc. Security Advisory (BEA03-41.00) Patches available to protect password; Source: BEA Type: UNKNOWN BEA03-41.00; Source: CCN Type: OSVDB ID: 3062 BEA WebLogic JMS Provider Cleartext Password; Source: CCN Type: BID-16358 BEA WebLogic Multiple Vulnerabilities; Source: BID Type: Patch 9034; Source: CCN Type: BID-9034 Multiple BEA WebLogic Server/Express Denial of Service and Information Disclosure Vulnerabilities; Source: XF Type: UNKNOWN weblogic-foreignjms-plaintext-password(13750) |
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable |