Unrated severityNVD Advisory· Published Dec 31, 2003· Updated Jun 16, 2026

CVE-2003-1222

Description

BEA Weblogic Express and Server 8.0 through 8.1 SP 1, when using a foreign Java Message Service (JMS) provider, echoes the password for the foreign provider to the console and stores it in cleartext in config.xml, which could allow attackers to obtain the password.

Affected products

Bea/WebLogic Server4 versions
cpe:2.3:a:bea:weblogic_server:8.1:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:bea:weblogic_server:8.1:*:*:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:8.1:*:express:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:8.1:sp1:*:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:8.1:sp1:express:*:*:*:*:*

Patches

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/9034nvdPatch
dev2dev.bea.com/pub/advisory/63nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000