Vulnerability Details CVE-2007-5576
BEA Tuxedo 8.0 before RP392 and 8.1 before RP293, and WebLogic Enterprise 5.1 before RP174, echo the password in cleartext, which allows physically proximate attackers to obtain sensitive information via the (1) cnsbind, (2) cnsunbind, or (3) cnsls commands.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 68.4%
CVSS Severity
CVSS v2 Score 6.8
References
- http://dev2dev.bea.com/pub/advisory/226
- http://osvdb.org/45478
- http://www.vupen.com/english/advisories/2007/1813
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34290
- http://dev2dev.bea.com/pub/advisory/226
- http://osvdb.org/45478
- http://www.vupen.com/english/advisories/2007/1813
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34290
Products affected by CVE-2007-5576
-
cpe:2.3:a:bea:tuxedo:8.0
-
cpe:2.3:a:bea:tuxedo:8.1
-
cpe:2.3:a:bea:weblogic_integration:8.1
-
cpe:2.3:a:bea:weblogic_integration:9.2
-
cpe:2.3:a:bea:weblogic_server:5.1
-
cpe:2.3:a:bea:weblogic_server:6.1
-
cpe:2.3:a:bea:weblogic_server:7.0
-
cpe:2.3:a:bea:weblogic_server:7.0.0.1
-
cpe:2.3:a:bea:weblogic_server:8.1
-
cpe:2.3:a:bea:weblogic_server:9.0
-
cpe:2.3:a:bea:weblogic_server:9.1
-
cpe:2.3:a:bea:weblogic_server:9.2
-
cpe:2.3:a:bea:weblogic_workshop:8.1
-
cpe:2.3:a:oracle:weblogic_portal:9.2