CVE-2007-0409

medium

Description

BEA WebLogic 7.0 through 7.0 SP6, 8.1 through 8.1 SP4, and 9.0 initial release does not encrypt passwords stored in the JDBCDataSourceFactory MBean Properties, which allows local administrative users to read the cleartext password.

References

http://www.vupen.com/english/advisories/2007/0213

http://www.securityfocus.com/bid/22082

http://securitytracker.com/id?1017525

http://secunia.com/advisories/23750

http://osvdb.org/38501

http://dev2dev.bea.com/pub/advisory/203

Details

Source: Mitre, NVD

Published: 2007-01-23

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 1.5

Vector: CVSS2#AV:L/AC:M/Au:S/C:P/I:N/A:N

Severity: Low

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Severity: Medium

EPSS

EPSS: 0.00078