Vulnerability Description
BEA WebLogic Server and Express 8.1 SP1 and earlier allows local users in the Operator role to obtain administrator passwords via MBean attributes, including (1) ServerStartMBean.Password and (2) NodeManagerMBean.CertificatePassword.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bea | Weblogic Server | 8.1 |
References
- http://dev2dev.bea.com/pub/advisory/1PatchVendor Advisory
- http://www.securityfocus.com/bid/9505Patch
- http://www.securitytracker.com/alerts/2004/Jan/1008867.htmlPatch
- https://exchange.xforce.ibmcloud.com/vulnerabilities/14962
- http://dev2dev.bea.com/pub/advisory/1PatchVendor Advisory
- http://www.securityfocus.com/bid/9505Patch
- http://www.securitytracker.com/alerts/2004/Jan/1008867.htmlPatch
- https://exchange.xforce.ibmcloud.com/vulnerabilities/14962
FAQ
What is CVE-2004-2321?
CVE-2004-2321 is a vulnerability with a CVSS score of 2.1 (LOW). BEA WebLogic Server and Express 8.1 SP1 and earlier allows local users in the Operator role to obtain administrator passwords via MBean attributes, including (1) ServerStartMBean.Password and (2) Node...
How severe is CVE-2004-2321?
CVE-2004-2321 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-2321?
Check the references section above for vendor advisories and patch information. Affected products include: Bea Weblogic Server.