Description
The configuration tools (1) config.sh in Unix or (2) config.cmd in Windows for BEA WebLogic Server 8.1 through SP2 create a log file that contains the administrative username and password in cleartext, which could allow local users to gain privileges.
References (4)
Core 4
Core References
Patch, Third Party Advisory, US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/574222
Patch, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/10188
Various Sources x_refsource_confirm
http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_58.00.jsp
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/15926
Scores
EPSS
0.0009
EPSS Percentile
25.1%
Details
Status
published
Products (1)
bea/weblogic_server
8.1 (9 CPE variants)
Published
Jul 27, 2004
Tracked Since
Feb 18, 2026