CVE-2007-2700Weblogic Server vulnerability

3 documents3 sources
Severity
4.0MEDIUMNVD
EPSS
0.3%
top 43.26%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
BEA Weblogic Server
Timeline
PublishedMay 16
Latest updateMay 1

Description

The WLST script generated by the configToScript command in BEA WebLogic Express and WebLogic Server 9.0 and 9.1 does not encrypt certain attributes in configuration files when creating a new domain, which allows remote authenticated users to obtain sensitive information.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 8.0 | Impact: 2.9

Affected Packages1 packages

NVDbea/weblogic_server9.0, 9.1+1

🔴Vulnerability Details

2
GHSA
GHSA-pj5m-7gqr-5h69: The WLST script generated by the configToScript command in BEA WebLogic Express and WebLogic Server 92022-05-01
CVEList
CVE-2007-2700: The WLST script generated by the configToScript command in BEA WebLogic Express and WebLogic Server 92007-05-16
CVE-2007-2700 — BEA Weblogic Server vulnerability | cvebase