Vulnerability Description
BEA WebLogic Server and Express, when using NodeManager to start servers, provides Operator users with privileges to overwrite usernames and passwords, which may allow Operators to gain Admin privileges.
CVSS Score
10.0
HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bea | Weblogic Server | All versions |
References
- http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-33.jsp
- http://www.secunia.com/advisories/9232/PatchVendor Advisory
- http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-33.jsp
- http://www.secunia.com/advisories/9232/PatchVendor Advisory
FAQ
What is CVE-2003-0640?
CVE-2003-0640 is a vulnerability with a CVSS score of 10.0 (HIGH). BEA WebLogic Server and Express, when using NodeManager to start servers, provides Operator users with privileges to overwrite usernames and passwords, which may allow Operators to gain Admin privileg...
How severe is CVE-2003-0640?
CVE-2003-0640 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2003-0640?
Check the references section above for vendor advisories and patch information. Affected products include: Bea Weblogic Server.