Unrated severityNVD Advisory· Published Dec 31, 2003· Updated Jun 16, 2026
CVE-2003-1224
CVE-2003-1224
Description
Weblogic.admin for BEA WebLogic Server and Express 7.0 and 7.0.0.1 displays the JDBCConnectionPoolRuntimeMBean password to the screen in cleartext, which allows attackers to read a user's password by physically observing ("shoulder surfing") the screen.
Affected products
23cpe:2.3:a:bea:weblogic_server:7.0:*:*:*:*:*:*:*+ 22 more
- cpe:2.3:a:bea:weblogic_server:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:7.0.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:7.0.0.1:*:express:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp1:*:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp1:express:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp1:win32:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp2:*:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp2:express:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp2:win32:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:7.0.0.1:*:win32:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:7.0:*:express:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:7.0:sp1:*:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:7.0:sp1:express:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:7.0:sp1:win32:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:7.0:sp2:*:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:7.0:sp2:express:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:7.0:sp2:win32:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:7.0:sp3:*:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:7.0:sp3:express:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:7.0:sp3:win32:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:7.0:sp4:win32:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:7.0:*:win32:*:*:*:*:*
- (no CPE)range: 7.0, 7.0.0.1
Patches
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2News mentions
0No linked articles in our index yet.