Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
BEA WebLogic Server and WebLogic Express 8.1 through SP4, when configuration auditing is enabled and a password change occurs, stores the old and new passwords in cleartext in the DefaultAuditRecorder.log file, which could allow attackers to gain privileges.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
BEA WebLogic多个远程或本地安全漏洞
Vulnerability Description
BEA Systems WebLogic包含多种应用系统集成方案,包括Server/Express/Integration等。 WebLogic中存在多个漏洞,具体如下: 1 任何域的系统管理员都可以访问WebLogic管理控制台所管理的多个域。 2 远程Java客户端可以利用MBean漏洞访问受保护的MBean属性或对服务器发动拒绝服务攻击。 3 WebLogic Portal RDBMS认证提供者的数据库口令以明文存储在服务器系统文件的config.xml文件中。如果攻击者能够访问这个文件的话,就可以
CVSS Information
N/A
Vulnerability Type
N/A