CVE-2007-5576
BEA Tuxedo 8.0-8.1 and WebLogic Enterprise 5.1 - Cleartext Password Exposure via cnsbind/cnsunbind/cnsls Commands
Title source: llmDescription
BEA Tuxedo 8.0 before RP392 and 8.1 before RP293, and WebLogic Enterprise 5.1 before RP174, echo the password in cleartext, which allows physically proximate attackers to obtain sensitive information via the (1) cnsbind, (2) cnsunbind, or (3) cnsls commands.
References (4)
Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/45478
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/34290
Vendor Advisory vendor-advisory
x_refsource_bea
http://dev2dev.bea.com/pub/advisory/226
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/1813
Scores
EPSS
0.0077
EPSS Percentile
73.8%
Details
CWE
CWE-200
Status
published
Products (12)
bea/tuxedo
8.0
bea/tuxedo
8.1
bea/weblogic_integration
8.1 (6 CPE variants)
bea/weblogic_integration
9.2
bea/weblogic_server
5.1
bea/weblogic_server
6.1 (8 CPE variants)
bea/weblogic_server
7.0 (16 CPE variants)
bea/weblogic_server
7.0.0.1 (5 CPE variants)
bea/weblogic_server
8.1 (6 CPE variants)
bea/weblogic_server
9.0
... and 2 more
Published
Oct 18, 2007
Tracked Since
Feb 18, 2026