Lucene search
HistoryOct 23, 2007 - 1:00 a.m.
CVE-2003-1437
cve-2003-1437
bea weblogic
plaintext password
vulnerability
nvd
2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:L/Au:N/C:N/I:P/A:N
6.9 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
5.1%
BEA WebLogic Express and WebLogic Server 7.0 and 7.0.0.1, stores passwords in plaintext when a keystore is used to store a private key or trust certificate authorities, which allows local users to gain access.
Affected configurations
Node
hphp-uxMatch11.00
ORhphp-uxMatch11.11iv1
ORibmaixMatch4.3.3
ORmicrosoftwindows_2000
ORmicrosoftwindows_nt
ORredhatlinuxMatch6.2i386
ORredhatlinuxMatch7.1i386
ORsunsolarisMatch2.6
ORsunsunosMatch5.7
ORsunsunosMatch5.8
beaweblogic_serverMatch7.0express
ORbeaweblogic_serverMatch7.0sp1express
ORbeaweblogic_serverMatch7.0.0.1express
ORbeaweblogic_serverMatch7.0.0.1sp1express
Node
hphp-uxMatch11.00
ORhphp-uxMatch11.11i
ORibmaixMatch4.3.3
ORmicrosoftwindows_2000
ORmicrosoftwindows_nt
ORredhatlinuxMatch6.2i386
ORredhatlinuxMatch7.1i386
ORsunsolarisMatch2.6
ORsunsunosMatch5.7
ORsunsunosMatch5.8
beaweblogic_serverMatch7.0
ORbeaweblogic_serverMatch7.0sp1
ORbeaweblogic_serverMatch7.0.0.1
ORbeaweblogic_serverMatch7.0.0.1sp1
Node
microsoftwindows_2000
ORmicrosoftwindows_nt
beaweblogic_serverMatch7.0
ORbeaweblogic_serverMatch7.0sp1
ORbeaweblogic_serverMatch7.0.0.1
ORbeaweblogic_serverMatch7.0.0.1sp1
| CPE | Name | Operator | Version |
|---|---|---|---|
| bea:weblogic_server | bea weblogic server | eq | 7.0 |
| bea:weblogic_server | bea weblogic server | eq | 7.0.0.1 |
2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:L/Au:N/C:N/I:P/A:N
6.9 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
5.1%
Related for CVE-2003-1437