CVE-2004-2321

high

Description

BEA WebLogic Server and Express 8.1 SP1 and earlier allows local users in the Operator role to obtain administrator passwords via MBean attributes, including (1) ServerStartMBean.Password and (2) NodeManagerMBean.CertificatePassword.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/14962

http://www.securitytracker.com/alerts/2004/Jan/1008867.html

http://www.securityfocus.com/bid/9505

http://dev2dev.bea.com/pub/advisory/1

Details

Source: Mitre, NVD

Published: 2004-12-31

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 2.1

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

Severity: Low

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00034