published date: August 27, 2003

CVE-2003-0640 : BEA WebLogic Server and...

Description

BEA WebLogic Server and Express, when using NodeManager to start servers, provides Operator users with privileges to overwrite usernames and passwords, which may allow Operators to gain Admin privileges.

Product(s):

BEA WebLogic Server
BEA WebLogic Server Express Edition
BEA Systems WebLogic Server
BEA Systems WebLogic Server 10.0
BEA Systems WebLogic Server 3.1.8
BEA Systems WebLogic Server 4.0.4
BEA Systems WebLogic Server 4.0
BEA Systems WebLogic Server 4.5.1
BEA Systems WebLogic Server 4.5.1 SP15
BEA Systems WebLogic Server 4.5.2
BEA Systems WebLogic Server 4.5.2 SP1
BEA Systems WebLogic Server 4.5.2 SP2
BEA Systems WebLogic Server 4.5
BEA Systems WebLogic Server 5.1
BEA Systems WebLogic Server 5.1 SP10
BEA Systems WebLogic Express 5.1 SP10
BEA Systems WebLogic Server 5.1 SP10 Win32
BEA Systems WebLogic Server 5.1 SP11
BEA Systems WebLogic Express 5.1 SP11
BEA Systems WebLogic Server 5.1 SP11 Win32
BEA Systems WebLogic Server 5.1 SP12
BEA Systems WebLogic Express 5.1 SP12
BEA Systems WebLogic Server 5.1 SP12 Win32
BEA Systems WebLogic Server 5.1 SP13
BEA Systems WebLogic Express 5.1 SP13
BEA Systems WebLogic Server 5.1 SP13 Win32
BEA Systems WebLogic Server 5.1 SP1
BEA Systems WebLogic Express 5.1 SP1
BEA Systems WebLogic Server 5.1 SP1 Win32
BEA Systems WebLogic Server 5.1 SP2
BEA Systems WebLogic Express 5.1 SP2
BEA Systems WebLogic Server 5.1 SP2 Win32
BEA Systems WebLogic Server 5.1 SP3
BEA Systems WebLogic Express 5.1 SP3
BEA Systems WebLogic Server 5.1 SP3 Win32
BEA Systems WebLogic Server 5.1 SP4
BEA Systems WebLogic Express 5.1 SP4
BEA Systems WebLogic Server 5.1 SP4 Win32
BEA Systems WebLogic Server 5.1 SP5
BEA Systems WebLogic Express 5.1 SP5
BEA Systems WebLogic Server 5.1 SP5 Win32
BEA Systems WebLogic Server 5.1 SP6
BEA Systems WebLogic Express 5.1 SP6
BEA Systems WebLogic Server 5.1 SP6 Win32
BEA Systems WebLogic Server 5.1 SP7
BEA Systems WebLogic Express 5.1 SP7
BEA Systems WebLogic Server 5.1 SP7 Win32
BEA Systems WebLogic Server 5.1 SP8
BEA Systems WebLogic Express 5.1 SP8
BEA Systems WebLogic Server 5.1 SP8 Win32
BEA Systems WebLogic Server 5.1 SP9
BEA Systems WebLogic Express 5.1 SP9
BEA Systems WebLogic Server 5.1 SP9 Win32
BEA Systems WebLogic Server 6.0
BEA Systems WebLogic Server 6.1
BEA Systems WebLogic Server 6.1 SP1
BEA Systems WebLogic Express 6.1 SP1
BEA Systems WebLogic Server 6.1 SP1 Win32
BEA Systems WebLogic Server 6.1 SP2
BEA Systems WebLogic Express 6.1 SP2
BEA Systems WebLogic Server 6.1 SP2 Win32
BEA Systems WebLogic Server 6.1 SP3
BEA Systems WebLogic Express 6.1 SP3
BEA Systems WebLogic Server 6.1 SP3 Win32
BEA Systems WebLogic Server 6.1 SP4
BEA Systems WebLogic Express 6.1 SP4
BEA Systems WebLogic Server 6.1 SP4 Win32
BEA Systems WebLogic Server 6.1 SP5
BEA Systems WebLogic Express 6.1 SP5
BEA Systems WebLogic Server 6.1 SP5 Win32
BEA Systems WebLogic Server 6.1 SP6
BEA Systems WebLogic Express 6.1 SP6
BEA Systems WebLogic Server 6.1 SP6 Win32
BEA Systems WebLogic Server 6.1 SP7
BEA Systems WebLogic Express 6.1 SP7
BEA Systems WebLogic Server 6.1 SP7 Win32
BEA Systems WebLogic Server 6.1 SP8
BEA Systems WebLogic Express 6.1 SP8
BEA Systems WebLogic Server 6.1 SP8 Win32
BEA Systems WebLogic Server 7.0.0.1
BEA Systems WebLogic Server 7.0.0.1 SP1
BEA Systems WebLogic Express 7.0.0.1 SP1
BEA Systems WebLogic Server 7.0.0.1 SP1 Win32
BEA Systems WebLogic Server 7.0.0.1 SP2
BEA Systems WebLogic Express 7.0.0.1 SP2
BEA Systems WebLogic Server 7.0.0.1 SP2 Win32
BEA Systems WebLogic Server 7.0.0.1 SP3
BEA Systems WebLogic Express 7.0.0.1 SP3
BEA Systems WebLogic Server 7.0.0.1 SP4
BEA Systems WebLogic Express 7.0.0.1 SP4
BEA Systems WebLogic Server 7.0
Bea Weblogic Server 7.0 - Express Edition
BEA Systems WebLogic Server 7.0 Service Pack 1
BEA Systems WebLogic Server 7.0 Service Pack 1 Express Edition
BEA Systems WebLogic Server 7.0 Service Pack 2
BEA Systems WebLogic Server 7.0 Service Pack 2 Express Edition
BEA Systems WebLogic Server 7.0 Service Pack 3
BEA Systems WebLogic Server 7.0 Service Pack 3 Express Edition
BEA Systems WebLogic Server 7.0 Service Pack 4
BEA Systems WebLogic Server 7.0 Service Pack 4 Express Edition
+32 additional

CVSS:10 [Critical]
EPSS:0.65%
Exploitability:10
In KEV:No

Question to Ask Vendors:

Can you confirm whether your systems are affected by CVE-2003-0640, and if so, what steps are you currently taking to mitigate this vulnerability?
What is your estimated timeline for fully resolving CVE-2003-0640 in your products or services, and how will you communicate updates on this issue to us as your customer?

Recommended Actions:

Check out the advisory links provided below.

References:

https://nvd.nist.gov/vuln/detail/CVE-2003-0640

READY TO GET RESULTS YOU CAN TRUST?

Get a Demo Contact Sales