CVE-2003-1224

BEA WebLogic Server/Express 7.0-7.0.0.1 - Info Disclosure

Title source: llm

Description

Weblogic.admin for BEA WebLogic Server and Express 7.0 and 7.0.0.1 displays the JDBCConnectionPoolRuntimeMBean password to the screen in cleartext, which allows attackers to read a user's password by physically observing ("shoulder surfing") the screen.

References (2)

Core References
Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/7563
Vendor Advisory vendor-advisory x_refsource_bea
http://dev2dev.bea.com/pub/advisory/22

Scores

EPSS 0.0006
EPSS Percentile 19.2%

Details

Status published
Products (2)
bea/weblogic_server 7.0 (13 CPE variants)
bea/weblogic_server 7.0.0.1 (9 CPE variants)
Published Dec 31, 2003
Tracked Since Feb 18, 2026