Vulnerabilities > CVE-2007-0413 - Products Multiple vulnerability in BEA

CVSS 4.4 - MEDIUM

Attack vector

LOCAL

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

local

bea

NVD

Published: 2007-01-23

Updated: 2011-03-08

Summary

BEA WebLogic Server 8.1 through 8.1 SP5 stores cleartext data in a backup of config.xml after offline editing, which allows local users to obtain sensitive information by reading this backup file.

Vulnerable Configurations

Part	Description	Count
Application	Bea BEA Weblogic Server 8.1 BEA Weblogic Server 5.1 BEA Weblogic Server 6.1 BEA Weblogic Server 7.0	12

References

http://dev2dev.bea.com/pub/advisory/207
http://osvdb.org/38504
http://secunia.com/advisories/23750
http://securitytracker.com/id?1017525
http://www.securityfocus.com/bid/22082
http://www.vupen.com/english/advisories/2007/0213