cbcvebase.
CVE-2007-5576
published 2007-10-18

CVE-2007-5576: BEA Tuxedo 8.0 before RP392 and 8.1 before RP293, and WebLogic Enterprise 5.1 before RP174, echo the password in cleartext, which allows physically proximate…

PriorityP418medium6.8CVSS 2.0
AVLACLAuSCCICAC
EPSS
1.00%
58.5th percentile
BEA Tuxedo 8.0 before RP392 and 8.1 before RP293, and WebLogic Enterprise 5.1 before RP174, echo the password in cleartext, which allows physically proximate attackers to obtain sensitive information via the (1) cnsbind, (2) cnsunbind, or (3) cnsls commands.

Affected

14 ranges
VendorProductVersion rangeFixed in
beatuxedo
beatuxedo
beaweblogic_integration
beaweblogic_integration
beaweblogic_server
beaweblogic_server
beaweblogic_server
beaweblogic_server
beaweblogic_server
beaweblogic_server
beaweblogic_server
beaweblogic_server
beaweblogic_workshop
oracleweblogic_portal
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.