CVE-2006-2468Weblogic Server vulnerability

3 documents3 sources
Severity
4.0MEDIUMNVD
EPSS
0.3%
top 45.37%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
BEA Weblogic Server
Timeline
PublishedMay 19
Latest updateMay 1

Description

The WebLogic Server Administration Console in BEA WebLogic Server 8.1 up to SP4 and 7.0 up to SP6 displays the domain name in the Console login form, which allows remote attackers to obtain sensitive information.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 8.0 | Impact: 2.9

Affected Packages1 packages

NVDbea/weblogic_server7.0, 8.1+1

Patches

Patch: dev2dev.bea.comPatch: secunia.comPatch: dev2dev.bea.com

🔴Vulnerability Details

2
GHSA
GHSA-2rgv-x2r3-cwjp: The WebLogic Server Administration Console in BEA WebLogic Server 82022-05-01
CVEList
CVE-2006-2468: The WebLogic Server Administration Console in BEA WebLogic Server 82006-05-19
CVE-2006-2468 — BEA Weblogic Server vulnerability | cvebase