Vulnerability Description
BEA WebLogic 7.0 through 7.0 SP6, 8.1 through 8.1 SP4, and 9.0 initial release does not encrypt passwords stored in the JDBCDataSourceFactory MBean Properties, which allows local administrative users to read the cleartext password.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bea | Weblogic Server | <= 7.0 |
References
- http://dev2dev.bea.com/pub/advisory/203PatchVendor Advisory
- http://osvdb.org/38501
- http://secunia.com/advisories/23750
- http://securitytracker.com/id?1017525
- http://www.securityfocus.com/bid/22082
- http://www.vupen.com/english/advisories/2007/0213
- http://dev2dev.bea.com/pub/advisory/203PatchVendor Advisory
- http://osvdb.org/38501
- http://secunia.com/advisories/23750
- http://securitytracker.com/id?1017525
- http://www.securityfocus.com/bid/22082
- http://www.vupen.com/english/advisories/2007/0213
FAQ
What is CVE-2007-0409?
CVE-2007-0409 is a vulnerability with a CVSS score of 1.5 (LOW). BEA WebLogic 7.0 through 7.0 SP6, 8.1 through 8.1 SP4, and 9.0 initial release does not encrypt passwords stored in the JDBCDataSourceFactory MBean Properties, which allows local administrative users ...
How severe is CVE-2007-0409?
CVE-2007-0409 has been rated LOW with a CVSS base score of 1.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-0409?
Check the references section above for vendor advisories and patch information. Affected products include: Bea Weblogic Server.