CVE-2003-1222

BEA Weblogic Express and Server 8.0 through 8.1 SP 1, when using a foreign Java Message Service (JMS) provider, echoes the password for the foreign provider to the console and stores it in cleartext in config.xml, which could allow attackers to obtain the password.

Published: Dec 31, 2003
Updated: Apr 13, 2023
CVE: CVE-2003-1222
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
bea / weblogic_server	8.1	8.1.x
bea / weblogic_server	8.1-sp1	8.1-sp1.x

http://dev2dev.bea.com/pub/advisory/63
http://www.securityfocus.com/bid/9034

Vulnerability Database

289,697

CVE-2003-1222