CVE-2007-5576
published 2007-10-18CVE-2007-5576: BEA Tuxedo 8.0 before RP392 and 8.1 before RP293, and WebLogic Enterprise 5.1 before RP174, echo the password in cleartext, which allows physically proximate…
PriorityP418medium6.8CVSS 2.0
AVLACLAuSCCICAC
EPSS
1.00%
58.5th percentile
BEA Tuxedo 8.0 before RP392 and 8.1 before RP293, and WebLogic Enterprise 5.1 before RP174, echo the password in cleartext, which allows physically proximate attackers to obtain sensitive information via the (1) cnsbind, (2) cnsunbind, or (3) cnsls commands.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| bea | tuxedo | — | — |
| bea | tuxedo | — | — |
| bea | weblogic_integration | — | — |
| bea | weblogic_integration | — | — |
| bea | weblogic_server | — | — |
| bea | weblogic_server | — | — |
| bea | weblogic_server | — | — |
| bea | weblogic_server | — | — |
| bea | weblogic_server | — | — |
| bea | weblogic_server | — | — |
| bea | weblogic_server | — | — |
| bea | weblogic_server | — | — |
| bea | weblogic_workshop | — | — |
| oracle | weblogic_portal | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://dev2dev.bea.com/pub/advisory/226http://osvdb.org/45478http://www.vupen.com/english/advisories/2007/1813https://exchange.xforce.ibmcloud.com/vulnerabilities/34290http://dev2dev.bea.com/pub/advisory/226http://osvdb.org/45478http://www.vupen.com/english/advisories/2007/1813https://exchange.xforce.ibmcloud.com/vulnerabilities/34290
2007-10-18
Published