Skip to main content

CVE-2007-0409

Severity Low
Score 1.5/10

Summary

BEA WebLogic 7.0 through 7.0 SP6, 8.1 through 8.1 SP4, and 9.0 initial release does not encrypt passwords stored in the JDBCDataSourceFactory MBean Properties, which allows local administrative users to read the cleartext password.

  • MEDIUM
  • LOCAL
  • SINGLE
  • NONE
  • PARTIAL
  • NONE

References

Advisory Timeline

  • Published