| Vulnerability Name: | CVE-2007-0409 (CCN-31560) |
| Assigned: | 2007-01-16 |
| Published: | 2007-01-16 |
| Updated: | 2011-03-08 |
| Summary: | BEA WebLogic 7.0 through 7.0 SP6, 8.1 through 8.1 SP4, and 9.0 initial release does not encrypt passwords stored in the JDBCDataSourceFactory MBean Properties, which allows local administrative users to read the cleartext password. |
| CVSS v3 Severity: | 3.5 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N) |
| CVSS v2 Severity: | 1.5 Low (CVSS v2 Vector: AV:L/AC:M/Au:S/C:P/I:N/A:N); 1.3 Low (Temporal CVSS v2 Vector: AV:L/AC:M/Au:S/C:P/I:N/A:N/E:H/RL:OF/RC:C); 3.5 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N/E:H/RL:OF/RC:C) |
| Vulnerability Type: | CWE-Other |
| Vulnerability Consequences: | Obtain Information |
| References: | Source: MITRE Type: CNA CVE-2007-0409; Source: BEA Type: Patch, Vendor Advisory BEA07-136.00; Source: OSVDB Type: UNKNOWN 38501; Source: CCN Type: SA23750 BEA WebLogic Multiple Vulnerabilities and Security Issues; Source: SECUNIA Type: UNKNOWN 23750; Source: CCN Type: SECTRACK ID: 1017525 WebLogic Bugs Let Remote Users Gain Access, Obtain Information, and Deny Service; Source: SECTRACK Type: UNKNOWN 1017525; Source: CCN Type: OSVDB ID: 38501 BEA WebLogic JDBCDataSourceFactory MBean Properties Cleartext Password Local Disclosure; Source: BID Type: UNKNOWN 22082; Source: CCN Type: BID-22082 BEA Multiple Products Multiple Vulnerabilities; Source: VUPEN Type: UNKNOWN ADV-2007-0213; Source: XF Type: UNKNOWN weblogic-jdbcdata-plaintext-password(31560); Source: CCN Type: BEA07-136.00 JDBCDataSourceFactory MBean password field not encrypted |
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable |