Vulnerability Details CVE-2004-0712
The configuration tools (1) config.sh in Unix or (2) config.cmd in Windows for BEA WebLogic Server 8.1 through SP2 create a log file that contains the administrative username and password in cleartext, which could allow local users to gain privileges.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 30.3%
CVSS Severity
CVSS v2 Score 4.6
References
- http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_58.00.jsp
- http://www.kb.cert.org/vuls/id/574222
- http://www.securityfocus.com/bid/10188
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15926
- http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_58.00.jsp
- http://www.kb.cert.org/vuls/id/574222
- http://www.securityfocus.com/bid/10188
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15926
Products affected by CVE-2004-0712
-
cpe:2.3:a:bea:weblogic_server:8.1