Vulnerabilities > CVE-2006-0423 - Multiple vulnerability in Oracle Weblogic Portal 8.1

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

oracle

NVD

Published: 2006-01-25

Updated: 2018-10-30

Summary

BEA WebLogic Portal 8.1 through SP3 stores the password for the RDBMS Authentication provider in cleartext in the config.xml file, which allows attackers to gain privileges.

Vulnerable Configurations

Part	Description	Count
Application	Oracle Oracle Weblogic Portal 8.1	4

References

http://dev2dev.bea.com/pub/advisory/167
http://dev2dev.bea.com/pub/advisory/262
http://secunia.com/advisories/18593
http://securitytracker.com/id?1015528
http://www.securityfocus.com/bid/16358
http://www.vupen.com/english/advisories/2006/0312
http://www.vupen.com/english/advisories/2008/0613
https://exchange.xforce.ibmcloud.com/vulnerabilities/24284
https://exchange.xforce.ibmcloud.com/vulnerabilities/40705