BEA Tuxedo 8.0 before RP392 and 8.1 before RP293, and WebLogic Enterprise 5.1 before RP174, echo the password in cleartext, which allows physically proximate malicious users to obtain sensitive information via the (1) cnsbind, (2) cnsunbind, or (3) cnsls commands.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
bea weblogic server 8.1 |
||
bea weblogic server 7.0 |
||
bea weblogic server 7.0.0.1 |
||
bea weblogic server 6.1 |
||
bea tuxedo 8.0 |
||
bea weblogic integration 8.1 |
||
bea weblogic server 9.0 |
||
bea weblogic server 9.2 |
||
bea weblogic workshop 8.1 |
||
bea weblogic integration 9.2 |
||
bea weblogic server 5.1 |
||
bea weblogic server 9.1 |
||
bea tuxedo 8.1 |
||
oracle weblogic portal 9.2 |