CVE-2004-1757

BEA WebLogic Server & Express <8.1.SP1 - Privilege Escalation

Title source: llm

Description

BEA WebLogic Server and Express 8.1, SP1 and earlier, stores the administrator password in cleartext in config.xml, which allows local users to gain privileges.

References (5)

Core 5

Core References

Patch third-party-advisory x_refsource_secunia

http://secunia.com/advisories/10728

Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn

http://www.kb.cert.org/vuls/id/350350

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/14957

Patch vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/9501

Patch, Vendor Advisory x_refsource_confirm

http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_50.00.jsp

Scores

EPSS 0.0011

EPSS Percentile 28.6%

Details

Status published

Products (3)

bea/weblogic_server 6.1 (19 CPE variants)

bea/weblogic_server 7.0 (18 CPE variants)

bea/weblogic_server 8.1 (9 CPE variants)

Published Dec 31, 2004

Tracked Since Feb 18, 2026