Vulnerability Details CVE-2006-0426
BEA WebLogic Server and WebLogic Express 8.1 through SP4, when configuration auditing is enabled and a password change occurs, stores the old and new passwords in cleartext in the DefaultAuditRecorder.log file, which could allow attackers to gain privileges.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 72.4%
CVSS Severity
CVSS v2 Score 7.5
References
- http://dev2dev.bea.com/pub/advisory/170
- http://secunia.com/advisories/18592
- http://securitytracker.com/id?1015528
- http://www.osvdb.org/22775
- http://www.securityfocus.com/bid/16358
- http://www.vupen.com/english/advisories/2006/0313
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24290
- http://dev2dev.bea.com/pub/advisory/170
- http://secunia.com/advisories/18592
- http://securitytracker.com/id?1015528
- http://www.osvdb.org/22775
- http://www.securityfocus.com/bid/16358
- http://www.vupen.com/english/advisories/2006/0313
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24290
Products affected by CVE-2006-0426
-
cpe:2.3:a:bea:weblogic_server:8.1