Description
BEA WebLogic Server and Express 8.1 SP1 and earlier allows local users in the Operator role to obtain administrator passwords via MBean attributes, including (1) ServerStartMBean.Password and (2) NodeManagerMBean.CertificatePassword.
References (4)
Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/14962
Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/9505
Patch, Vendor Advisory vendor-advisory
x_refsource_bea
http://dev2dev.bea.com/pub/advisory/1
Patch vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/alerts/2004/Jan/1008867.html
Scores
EPSS
0.0003
EPSS Percentile
10.2%
Details
Status
published
Products (1)
bea/weblogic_server
8.1 sp1 (3 CPE variants)
Published
Dec 31, 2004
Tracked Since
Feb 18, 2026