OpenCVE

BEA WebLogic Express and WebLogic Server 7.0 and 7.0.0.1, stores passwords in plaintext when a keystore is used to store a private key or trust certificate authorities, which allows local users to gain access.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:L/AC:L/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Bea	Weblogic Server
Hp	Hp-ux
Ibm	Aix
Microsoft	Windows 2000 Windows Nt
Redhat	Linux
Sun	Solaris Sunos

Configuration 1 [-]

AND

OR	cpe:2.3:o:hp:hp-ux:11.00:::::::*
	cpe:2.3:o:hp:hp-ux:11.11i:v1::::::
	cpe:2.3:o:ibm:aix:4.3.3:::::::*
	cpe:2.3:o:microsoft:windows_2000::::::::
	cpe:2.3:o:microsoft:windows_nt::::::::
	cpe:2.3:o:redhat:linux:6.2::i386:::::
	cpe:2.3:o:redhat:linux:7.1::i386:::::
	cpe:2.3:o:sun:solaris:2.6:::::::*
	cpe:2.3:o:sun:sunos:5.7:::::::*
	cpe:2.3:o:sun:sunos:5.8:::::::*

OR	cpe:2.3:a:bea:weblogic_server:7.0::express:::::
	cpe:2.3:a:bea:weblogic_server:7.0:sp1:express:::::*
	cpe:2.3:a:bea:weblogic_server:7.0.0.1::express:::::
	cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp1:express:::::*

Configuration 2 [-]

AND

OR	cpe:2.3:o:hp:hp-ux:11.00:::::::*
	cpe:2.3:o:hp:hp-ux:11.11i:::::::*
	cpe:2.3:o:ibm:aix:4.3.3:::::::*
	cpe:2.3:o:microsoft:windows_2000::::::::
	cpe:2.3:o:microsoft:windows_nt::::::::
	cpe:2.3:o:redhat:linux:6.2::i386:::::
	cpe:2.3:o:redhat:linux:7.1::i386:::::
	cpe:2.3:o:sun:solaris:2.6:::::::*
	cpe:2.3:o:sun:sunos:5.7:::::::*
	cpe:2.3:o:sun:sunos:5.8:::::::*

OR	cpe:2.3:a:bea:weblogic_server:7.0:::::::*
	cpe:2.3:a:bea:weblogic_server:7.0:sp1::::::
	cpe:2.3:a:bea:weblogic_server:7.0.0.1:::::::*
	cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp1::::::

Configuration 3 [-]

AND

OR	cpe:2.3:o:microsoft:windows_2000::::::::
	cpe:2.3:o:microsoft:windows_nt::::::::

OR	cpe:2.3:a:bea:weblogic_server:7.0:::::::*
	cpe:2.3:a:bea:weblogic_server:7.0:sp1::::::
	cpe:2.3:a:bea:weblogic_server:7.0.0.1:::::::*
	cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp1::::::

No data.

References

Link	Providers
http://dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-25.jsp
http://www.securityfocus.com/bid/6719
https://exchange.xforce.ibmcloud.com/vulnerabilities/11220

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-10-23T01:00:00

Updated: 2024-08-08T02:28:03.573Z

Reserved: 2007-10-22T00:00:00

Link: CVE-2003-1437

Vulnrichment

No data.

NVD

Status : Modified

Published: 2003-12-31T05:00:00.000

Modified: 2024-11-20T23:47:08.990

Link: CVE-2003-1437

Redhat

No data.

Metrics

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

Metrics

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object