CVE-2007-5576 — Sensitive Information Exposure in Tuxedo

CWE-200 — Sensitive Information Exposure3 documents3 sources

Severity

6.8MEDIUMNVD

EPSS

0.8%

top 26.37%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

BEA Tuxedo BEA Weblogic Integration BEA Weblogic Server +2 more

Timeline

PublishedOct 18

Latest updateMay 1

Description

BEA Tuxedo 8.0 before RP392 and 8.1 before RP293, and WebLogic Enterprise 5.1 before RP174, echo the password in cleartext, which allows physically proximate attackers to obtain sensitive information via the (1) cnsbind, (2) cnsunbind, or (3) cnsls commands.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.1 | Impact: 10.0

Affected Packages5 packages

▶NVDbea/tuxedo8.0, 8.1+1

▶NVDbea/weblogic_server8 versions+7

▶NVDbea/weblogic_workshop8.1

▶NVDoracle/weblogic_portal9.2

▶NVDbea/weblogic_integration8.1, 9.2+1

🔴Vulnerability Details

GHSA

GHSA-xc7h-mpv6-3v2w: BEA Tuxedo 8↗2022-05-01

▶

CVEList

CVE-2007-5576: BEA Tuxedo 8↗2007-10-18

▶