Описание
BEA WebLogic Server and WebLogic Express 8.1 through SP4, when configuration auditing is enabled and a password change occurs, stores the old and new passwords in cleartext in the DefaultAuditRecorder.log file, which could allow attackers to gain privileges.
Ссылки
- PatchVendor Advisory
- PatchVendor Advisory
- Patch
- PatchVendor Advisory
- PatchVendor Advisory
- Patch
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:bea:weblogic_server:8.1:sp1:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:8.1:sp1:express:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:8.1:sp2:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:8.1:sp2:express:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:8.1:sp3:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:8.1:sp3:express:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:8.1:sp4:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:8.1:sp4:express:*:*:*:*:*
EPSS
Процентиль: 73%
0.00749
Низкий
7.5 High
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
BEA WebLogic Server and WebLogic Express 8.1 through SP4, when configuration auditing is enabled and a password change occurs, stores the old and new passwords in cleartext in the DefaultAuditRecorder.log file, which could allow attackers to gain privileges.
EPSS
Процентиль: 73%
0.00749
Низкий
7.5 High
CVSS2
Дефекты
NVD-CWE-Other