Description
BEA Weblogic Express and Server 8.0 through 8.1 SP 1, when using a foreign Java Message Service (JMS) provider, echoes the password for the foreign provider to the console and stores it in cleartext in config.xml, which could allow attackers to obtain the password.
References (2)
Core 2
Core References
Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/9034
Vendor Advisory vendor-advisory
x_refsource_bea
http://dev2dev.bea.com/pub/advisory/63
Scores
EPSS
0.0026
EPSS Percentile
49.6%
Details
Status
published
Products (1)
bea/weblogic_server
8.1 (4 CPE variants)
Published
Dec 31, 2003
Tracked Since
Feb 18, 2026