Vulnerability Description
Cross-site scripting (XSS) vulnerability in the Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to inject arbitrary web script via the INIFILE argument.
CVSS Score
4.3
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bea | Tuxedo | 6.3 |
| Bea | Weblogic Server | 4.2 |
References
- http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/advisory03_38_00.PatchVendor Advisory
- http://marc.info/?l=bugtraq&m=106762000607681&w=2
- http://www.securityfocus.com/bid/8931ExploitPatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/13561
- http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/advisory03_38_00.PatchVendor Advisory
- http://marc.info/?l=bugtraq&m=106762000607681&w=2
- http://www.securityfocus.com/bid/8931ExploitPatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/13561
FAQ
What is CVE-2003-0623?
CVE-2003-0623 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in the Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to inject arbitrary web script via the INIFILE argument.
How severe is CVE-2003-0623?
CVE-2003-0623 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2003-0623?
Check the references section above for vendor advisories and patch information. Affected products include: Bea Tuxedo, Bea Weblogic Server.