Vulnerability Description
BEA WebLogic Express and WebLogic Server 7.0 and 7.0.0.1 store passwords in plaintext when a keystore is used to store a private key or trust certificate authorities, which allows local users to gain access.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| HP | HP-UX | 11.00 |
| IBM | AIX | 4.3.3 |
| Microsoft | Windows 2000 | All versions |
| Microsoft | Windows NT | All versions |
| Red Hat | Linux | 6.2 |
| Sun | Solaris | 2.6 |
| Sun | SunOS | 5.7 |
| BEA | WebLogic Server | 7.0 |
References
- http://dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-25.jsp (Patch, Vendor Advisory)
- http://www.securityfocus.com/bid/6719
- https://exchange.xforce.ibmcloud.com/vulnerabilities/11220
FAQ
What is CVE-2003-1437?
CVE-2003-1437 is a vulnerability with a CVSS score of 2.1 (LOW). BEA WebLogic Express and WebLogic Server 7.0 and 7.0.0.1 store passwords in plaintext when a keystore is used to store a private key or trust certificate authorities, which allows local users to gai...
How severe is CVE-2003-1437?
CVE-2003-1437 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2003-1437?
Check the references section above for vendor advisories and patch information. Affected products include: HP HP-UX, IBM AIX, Microsoft Windows 2000, Microsoft Windows NT, Red Hat Linux.