Unrated severityNVD Advisory· Published Dec 1, 2003· Updated Apr 16, 2026

CVE-2003-0621

Description

The Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to determine the existence of files outside the web root via modified paths in the INIFILE argument.

Affected products

Bea/Tuxedo6 versions
cpe:2.3:a:bea:tuxedo:6.3:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:bea:tuxedo:6.3:*:*:*:*:*:*:*
- cpe:2.3:a:bea:tuxedo:6.4:*:*:*:*:*:*:*
- cpe:2.3:a:bea:tuxedo:6.5:*:*:*:*:*:*:*
- cpe:2.3:a:bea:tuxedo:7.1:*:*:*:*:*:*:*
- cpe:2.3:a:bea:tuxedo:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:bea:tuxedo:8.1:*:*:*:*:*:*:*
Bea/Weblogic Server3 versions
cpe:2.3:a:bea:weblogic_server:4.2:*:enterprise:*:*:*:*:*+ 2 more
- cpe:2.3:a:bea:weblogic_server:4.2:*:enterprise:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:5.0.1:*:enterprise:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:5.1:*:enterprise:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

dev2dev.bea.com/resourcelibrary/advisoriesnotifications/advisory03_38_00.jspnvdPatchVendor Advisory
www.securityfocus.com/bid/8931nvdExploitPatchVendor Advisory
marc.infonvd
exchange.xforce.ibmcloud.com/vulnerabilities/13559nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.005
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000