CVE-2006-0427
BEA WebLogic Server & WebLogic Express <9.0-8.1.SP5 - Info Disclosure
Title source: llmDescription
Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 9.0 and 8.1 through SP5 allows malicious EJBs or servlet applications to decrypt system passwords, possibly by accessing functionality that should have been restricted.
References (7)
Core 7
Core References
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2006/0313
Patch, Vendor Advisory vendor-advisory
x_refsource_bea
http://dev2dev.bea.com/pub/advisory/171
Patch vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1015528
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/18592
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/22774
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/24291
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/16358
Scores
EPSS
0.0008
EPSS Percentile
23.0%
Details
Status
published
Products (2)
bea/weblogic_server
8.1 sp1 (10 CPE variants)
bea/weblogic_server
9.0 sp1 (10 CPE variants)
Published
Jan 25, 2006
Tracked Since
Feb 18, 2026