published date: December 31, 2004

CVE-2004-1757 : BEA WebLogic Server and...

Description

BEA WebLogic Server and Express 8.1, SP1 and earlier, stores the administrator password in cleartext in config.xml, which allows local users to gain privileges.

Product(s):

BEA Systems WebLogic Server 6.1
BEA WebLogic Server 6.1 Express
BEA WebLogic Server 6.1 for Win32
BEA Systems WebLogic Server 6.1 SP1
BEA Systems WebLogic Express 6.1 SP1
BEA Systems WebLogic Server 6.1 SP1 Win32
BEA Systems WebLogic Server 6.1 SP2
BEA Systems WebLogic Express 6.1 SP2
BEA Systems WebLogic Server 6.1 SP2 Win32
BEA Systems WebLogic Server 6.1 SP3
BEA Systems WebLogic Express 6.1 SP3
BEA Systems WebLogic Server 6.1 SP3 Win32
BEA Systems WebLogic Server 6.1 SP4
BEA Systems WebLogic Express 6.1 SP4
BEA Systems WebLogic Server 6.1 SP4 Win32
BEA Systems WebLogic Server 6.1 SP5
BEA Systems WebLogic Express 6.1 SP5
BEA Systems WebLogic Server 6.1 SP5 Win32
BEA Systems WebLogic Server 6.1 SP6
BEA Systems WebLogic Express 6.1 SP6
BEA Systems WebLogic Server 6.1 SP6 Win32
BEA Systems WebLogic Server 6.1 SP7
BEA Systems WebLogic Express 6.1 SP7
BEA Systems WebLogic Server 6.1 SP7 Win32
BEA Systems WebLogic Server 6.1 SP8
BEA Systems WebLogic Express 6.1 SP8
BEA Systems WebLogic Server 6.1 SP8 Win32
BEA Systems WebLogic Server 7.0
BEA WebLogic Server 7.0 Express Edition
BEA WebLogic Server 7.0 for Win32
Bea Weblogic Server 7.0 - Express Edition
BEA Systems WebLogic Server 7.0 Service Pack 1
BEA Systems WebLogic Server 7.0 Service Pack 1 Express Edition
BEA WebLogic Server 7.0 SP1 Express Edition
BEA WebLogic Server 7.0 Service Pack 1 on Win32
BEA Systems WebLogic Server 7.0 Service Pack 2
BEA Systems WebLogic Server 7.0 Service Pack 2 Express Edition
BEA WebLogic Server 7.0 Service Pack 2 Express Edition
BEA WebLogic Server 7.0 Service Pack 2 on Win32
BEA Systems WebLogic Server 7.0 Service Pack 3
BEA Systems WebLogic Server 7.0 Service Pack 3 Express Edition
BEA WebLogic Server 7.0 Service Pack 3 Express Edition
BEA WebLogic Server 7.0 Service Pack 3 on Win32
BEA Systems WebLogic Server 7.0 Service Pack 4
BEA Systems WebLogic Server 7.0 Service Pack 4 Express Edition
BEA WebLogic Server 7.0 SP4 Express
BEA WebLogic Server 7.0 SP4 for Win32
BEA Systems WebLogic Server 7.0 Service Pack 5
BEA Systems WebLogic Server 7.0 Service Pack 5 Express Edition
BEA WebLogic Server 7.0 SP5 Express
BEA WebLogic Server 7.0 SP5 for Win32
BEA Systems WebLogic Server 7.0 Service Pack 6
BEA Systems WebLogic Server 7.0 Service Pack 6 Express Edition
BEA Systems WebLogic Server 7.0 Service Pack 7
BEA Systems WebLogic Server 8.1
BEA WebLogic Server 8.1 Express Edition
BEA WebLogic Server 8.1 on Win32
BEA Systems WebLogic Server 8.1 SP1
BEA Systems WebLogic Express 8.1 SP1
BEA Systems WebLogic Server 8.1 SP1 Win32
BEA Systems WebLogic Server 8.1 SP2
BEA Systems WebLogic Express 8.1 SP2
BEA Systems WebLogic Server 8.1 SP2 Win32
BEA Systems WebLogic Server 8.1 SP3
BEA Systems WebLogic Express 8.1 SP3
BEA Systems WebLogic Server 8.1 SP3 Win32
BEA Systems WebLogic Server 8.1 SP4
BEA Systems WebLogic Express 8.1 SP4
BEA Systems WebLogic Server 8.1 SP4 Win32
BEA Systems WebLogic Server 8.1 SP5
BEA Systems WebLogic Express 8.1 SP5
BEA Systems WebLogic Server 8.1 SP5 Win32
BEA Systems WebLogic Server 8.1 SP6
BEA Systems WebLogic Express 8.1 SP6

CVSS:4.6 [Critical]
EPSS:0.11%
Exploitability:3.9
In KEV:No

Question to Ask Vendors:

Can you confirm whether your systems are affected by CVE-2004-1757, and if so, what steps are you currently taking to mitigate this vulnerability?
What is your estimated timeline for fully resolving CVE-2004-1757 in your products or services, and how will you communicate updates on this issue to us as your customer?

Recommended Actions:

Check out the advisory links provided below.

References:

https://nvd.nist.gov/vuln/detail/CVE-2004-1757

READY TO GET RESULTS YOU CAN TRUST?

Get a Demo Contact Sales