CVE-2007-2698

The Administration Console in BEA WebLogic Server 9.0 may show plaintext Web Service attributes during configuration creation, which allows remote attackers to obtain sensitive credential information.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://dev2dev.bea.com/pub/advisory/230	Patch Vendor Advisory
http://osvdb.org/36071
http://securitytracker.com/id?1018057
http://www.vupen.com/english/advisories/2007/1815
https://exchange.xforce.ibmcloud.com/vulnerabilities/34286

Configurations

Configuration 1 (hide)

cpe:2.3:a:bea:weblogic_server:9.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2007-05-16 01:19

Updated : 2017-07-29 01:31

NVD link : CVE-2007-2698

Mitre link : CVE-2007-2698

CVE.ORG link : CVE-2007-2698

JSON object : View

Products Affected

bea

weblogic_server

CWE

NVD-CWE-Other

{"id": "CVE-2007-2698", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-05-16T01:19:00.000", "references": [{"url": "http://dev2dev.bea.com/pub/advisory/230", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://osvdb.org/36071", "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1018057", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2007/1815", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34286", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "The Administration Console in BEA WebLogic Server 9.0 may show plaintext Web Service attributes during configuration creation, which allows remote attackers to obtain sensitive credential information."}, {"lang": "es", "value": "La Consola de Administraci\u00f3n en BEA WebLogic Server 9.0 puede mostrar los atributos del Servicio Web en texto plano durante la configuraci\u00f3n, lo cual permite a atacantes remotos obtener informaci\u00f3n credencial sensible."}], "lastModified": "2017-07-29T01:31:39.847", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:bea:weblogic_server:9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3CA97F1A-49F7-4511-8959-D62155491DF5"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org", "evaluatorSolution": "The vendor has issued product updates to addresses these issues:\r\n\r\nBEA WebLogic Server patches:\r\nhttp://commerce.bea.com/showallversions.jsp?family=WLS\r\n\r\nBEA WebLogic Platform patches:\r\nhttp://commerce.bea.com/showallversions.jsp?family=WLP"}