CVE-2003-0640

high

Description

BEA WebLogic Server and Express, when using NodeManager to start servers, provides Operator users with privileges to overwrite usernames and passwords, which may allow Operators to gain Admin privileges.

References

http://www.secunia.com/advisories/9232/

http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-33.jsp

Details

Source: Mitre, NVD

Published: 2003-08-27

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.0048