Vulnerabilities > CVE-2007-2698 - Remote Security vulnerability in BEA Weblogic Server 9.0

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

bea

NVD

Published: 2007-05-16

Updated: 2017-07-29

Summary

The Administration Console in BEA WebLogic Server 9.0 may show plaintext Web Service attributes during configuration creation, which allows remote attackers to obtain sensitive credential information. The vendor has issued product updates to addresses these issues: BEA WebLogic Server patches: http://commerce.bea.com/showallversions.jsp?family=WLS BEA WebLogic Platform patches: http://commerce.bea.com/showallversions.jsp?family=WLP

Vulnerable Configurations

Part	Description	Count
Application	Bea BEA Weblogic Server 9.0	1

References

http://dev2dev.bea.com/pub/advisory/230
http://osvdb.org/36071
http://securitytracker.com/id?1018057
http://www.vupen.com/english/advisories/2007/1815
https://exchange.xforce.ibmcloud.com/vulnerabilities/34286