CVE-2006-2546 — Weblogic Server vulnerability

3 documents3 sources

Severity

5.0MEDIUMNVD

EPSS

0.4%

top 41.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

BEA Weblogic Server

Timeline

PublishedMay 23

Latest updateMay 1

Description

A recommended admin password reset mechanism for BEA WebLogic Server 8.1, when followed before October 10, 2005, causes the administrator password to be stored in cleartext in the domain directory, which could allow attackers to gain privileges.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDbea/weblogic_server8.1

Patches

Patch: dev2dev.bea.com ↗Patch: dev2dev.bea.com ↗

🔴Vulnerability Details

GHSA

GHSA-c83r-mv7q-x25g: A recommended admin password reset mechanism for BEA WebLogic Server 8↗2022-05-01

▶

CVEList

CVE-2006-2546: A recommended admin password reset mechanism for BEA WebLogic Server 8↗2006-05-23

▶