Vulnerability Details CVE-2004-1757
BEA WebLogic Server and Express 8.1, SP1 and earlier, stores the administrator password in cleartext in config.xml, which allows local users to gain privileges.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 30.1%
CVSS Severity
CVSS v2 Score 4.6
References
- http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_50.00.jsp
- http://secunia.com/advisories/10728
- http://www.kb.cert.org/vuls/id/350350
- http://www.securityfocus.com/bid/9501
- https://exchange.xforce.ibmcloud.com/vulnerabilities/14957
- http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_50.00.jsp
- http://secunia.com/advisories/10728
- http://www.kb.cert.org/vuls/id/350350
- http://www.securityfocus.com/bid/9501
- https://exchange.xforce.ibmcloud.com/vulnerabilities/14957
Products affected by CVE-2004-1757
-
cpe:2.3:a:bea:weblogic_server:6.1
-
cpe:2.3:a:bea:weblogic_server:7.0
-
cpe:2.3:a:bea:weblogic_server:8.1