Vulnerabilities > CVE-2006-2464 - Local Security vulnerability in BEA Weblogic Server 7.0/8.1

CVSS 4.6 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

local

low complexity

bea

NVD

Published: 2006-05-19

Updated: 2017-07-20

Summary

stopWebLogic.sh in BEA WebLogic Server 8.1 before Service Pack 4 and 7.0 before Service Pack 6 displays the administrator password to stdout when executed, which allows local users to obtain the password by viewing a local display.

Vulnerable Configurations

Part	Description	Count
Application	Bea BEA Weblogic Server 7.0 BEA Weblogic Server 8.1	10

References

http://dev2dev.bea.com/pub/advisory/181
http://secunia.com/advisories/20130
http://securitytracker.com/id?1016094
http://www.vupen.com/english/advisories/2006/1828
https://exchange.xforce.ibmcloud.com/vulnerabilities/26467