Description
BEA WebLogic Server and Express 7.0 and 7.0.0.1 stores certain secrets concerning password encryption insecurely in config.xml, filerealm.properties, and weblogic-rar.xml, which allows local users to learn those secrets and decrypt passwords.
References (3)
Core 3
Core References
Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/7563
Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/7587
Vendor Advisory vendor-advisory
x_refsource_bea
http://dev2dev.bea.com/pub/advisory/22
Scores
EPSS
0.0003
EPSS Percentile
10.0%
Details
Status
published
Products (2)
bea/weblogic_server
7.0 (9 CPE variants)
bea/weblogic_server
7.0.0.1 (9 CPE variants)
Published
Dec 31, 2003
Tracked Since
Feb 18, 2026