Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2003-0621 — Tuxedo vulnerability

4 documents4 sources

Severity

5.0MEDIUMNVD

EPSS

6.8%

top 8.64%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

BEA Tuxedo BEA Weblogic Server

Timeline

PublishedDec 1

Latest updateApr 29

Description

The Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to determine the existence of files outside the web root via modified paths in the INIFILE argument.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶NVDbea/tuxedo6 versions+5

▶NVDbea/weblogic_server4.2, 5.0.1, 5.1+2

Patches

Patch: dev2dev.bea.com ↗Patch: www.securityfocus.com ↗Patch: dev2dev.bea.com ↗

🔴Vulnerability Details

GHSA

GHSA-wv5f-w845-j8hh: The Administration Console for BEA Tuxedo 8↗2022-04-29

▶

CVEList

CVE-2003-0621: The Administration Console for BEA Tuxedo 8↗2003-11-05

▶

💥Exploits & PoCs

Exploit-DB

BEA Tuxedo 6/7/8 and WebLogic Enterprise 4/5 - Input Validation↗2003-10-30

▶