BEA WebLogic Server and Express 8.1 SP1 and previous versions allows local users in the Operator role to obtain administrator passwords via MBean attributes, including (1) ServerStartMBean.Password and (2) NodeManagerMBean.CertificatePassword.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
bea weblogic server 8.1 |