BEA WebLogic 7.0 up to and including 7.0 SP6, 8.1 up to and including 8.1 SP4, and 9.0 initial release does not encrypt passwords stored in the JDBCDataSourceFactory MBean Properties, which allows local administrative users to read the cleartext password.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
bea weblogic server 9.0 |
||
bea weblogic server |
||
bea weblogic server 7.0 |
||
bea weblogic server 8.1 |