CVE-2006-0423

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
25/01/2006
Last modified:
03/04/2025

Description

BEA WebLogic Portal 8.1 through SP3 stores the password for the RDBMS Authentication provider in cleartext in the config.xml file, which allows attackers to gain privileges.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:oracle:weblogic_portal:8.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_portal:8.1:sp1:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_portal:8.1:sp2:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_portal:8.1:sp3:*:*:*:*:*:*