CVE-2003-1222 — Weblogic Server vulnerability

3 documents3 sources

Severity

5.0MEDIUMNVD

EPSS

0.3%

top 50.40%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

BEA Weblogic Server

Timeline

PublishedDec 31

Latest updateApr 29

Description

BEA Weblogic Express and Server 8.0 through 8.1 SP 1, when using a foreign Java Message Service (JMS) provider, echoes the password for the foreign provider to the console and stores it in cleartext in config.xml, which could allow attackers to obtain the password.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDbea/weblogic_server8.1

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-p899-xcmv-4c85: BEA Weblogic Express and Server 8↗2022-04-29

▶

CVEList

CVE-2003-1222: BEA Weblogic Express and Server 8↗2005-08-16

▶