BEA Tuxedo 8.0 before RP392 and 8.1 before RP293, and WebLogic Enterprise 5.1 before RP174, echo the password in cleartext, which allows physically proximate malicious users to obtain sensitive information via the (1) cnsbind, (2) cnsunbind, or (3) cnsls commands.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
bea weblogic integration 8.1 |
||
bea weblogic integration 9.2 |
||
bea weblogic server 6.1 |
||
bea weblogic server 7.0.0.1 |
||
bea weblogic server 7.0 |
||
bea weblogic server 8.1 |
||
bea weblogic server 9.1 |
||
bea weblogic server 9.2 |
||
bea weblogic workshop 8.1 |
||
bea weblogic server 9.0 |
||
bea tuxedo 8.0 |
||
bea tuxedo 8.1 |
||
oracle weblogic portal 9.2 |
||
bea weblogic server 5.1 |