CVE-2005-1745Weblogic Server vulnerability

3 documents3 sources
Severity
4.6MEDIUMNVD
EPSS
0.5%
top 32.36%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
BEA Weblogic ServerOracle Weblogic Portal
Timeline
PublishedMay 24
Latest updateMay 1

Description

The UserLogin control in BEA WebLogic Portal 8.1 through Service Pack 3 prints the password to standard output when an incorrect login attempt is made, which could make it easier for attackers to guess the correct password.

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages2 packages

NVDbea/weblogic_server5 versions+4

🔴Vulnerability Details

2
GHSA
GHSA-2j7f-m85p-rvqj: The UserLogin control in BEA WebLogic Portal 82022-05-01
CVEList
CVE-2005-1745: The UserLogin control in BEA WebLogic Portal 82005-05-24
CVE-2005-1745 — BEA Weblogic Server vulnerability | cvebase