Vulnerabilities > CVE-2007-0409 - Products Multiple vulnerability in BEA
Attack vector
LOCAL Attack complexity
MEDIUM Privileges required
SINGLE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE local
bea
Summary
BEA WebLogic 7.0 through 7.0 SP6, 8.1 through 8.1 SP4, and 9.0 initial release does not encrypt passwords stored in the JDBCDataSourceFactory MBean Properties, which allows local administrative users to read the cleartext password.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 24 |