CVE-2006-2546

critical

Description

A recommended admin password reset mechanism for BEA WebLogic Server 8.1, when followed before October 10, 2005, causes the administrator password to be stored in cleartext in the domain directory, which could allow attackers to gain privileges.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/26460

http://www.vupen.com/english/advisories/2006/1828

http://securitytracker.com/id?1016101

http://secunia.com/advisories/20130

http://dev2dev.bea.com/pub/advisory/193

Details

Source: Mitre, NVD

Published: 2006-05-23

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.00371