The WLST script generated by the configToScript command in BEA WebLogic Express and WebLogic Server 9.0 and 9.1 does not encrypt certain attributes in configuration files when creating a new domain, which allows remote authenticated users to obtain sensitive information.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
bea weblogic server 9.1 |
||
bea weblogic server 9.0 |