VYPR
← All advisories
Unrated severityNVD Advisory· Published Dec 31, 2003· Updated Jun 16, 2026

CVE-2003-1225

CVE-2003-1225

Description

The default CredentialMapper for BEA WebLogic Server and Express 7.0 and 7.0.0.1 stores passwords in cleartext on disk, which allows local users to extract passwords.

Affected products

20
  • Bea/WebLogic Server20 versions
    cpe:2.3:a:bea:weblogic_server:7.0:*:*:*:*:*:*:*+ 19 more
    • cpe:2.3:a:bea:weblogic_server:7.0:*:*:*:*:*:*:*
    • cpe:2.3:a:bea:weblogic_server:7.0.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:bea:weblogic_server:7.0.0.1:*:express:*:*:*:*:*
    • cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp1:*:*:*:*:*:*
    • cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp1:express:*:*:*:*:*
    • cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp1:win32:*:*:*:*:*
    • cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp2:*:*:*:*:*:*
    • cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp2:express:*:*:*:*:*
    • cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp2:win32:*:*:*:*:*
    • cpe:2.3:a:bea:weblogic_server:7.0.0.1:*:win32:*:*:*:*:*
    • cpe:2.3:a:bea:weblogic_server:7.0:*:express:*:*:*:*:*
    • cpe:2.3:a:bea:weblogic_server:7.0:sp1:*:*:*:*:*:*
    • cpe:2.3:a:bea:weblogic_server:7.0:sp1:express:*:*:*:*:*
    • cpe:2.3:a:bea:weblogic_server:7.0:sp1:win32:*:*:*:*:*
    • cpe:2.3:a:bea:weblogic_server:7.0:sp2:*:*:*:*:*:*
    • cpe:2.3:a:bea:weblogic_server:7.0:sp2:express:*:*:*:*:*
    • cpe:2.3:a:bea:weblogic_server:7.0:sp2:win32:*:*:*:*:*
    • cpe:2.3:a:bea:weblogic_server:7.0:sp4:win32:*:*:*:*:*
    • cpe:2.3:a:bea:weblogic_server:7.0:*:win32:*:*:*:*:*
    • (no CPE)range: = 7.0, 7.0.0.1

Patches

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

2

News mentions

0

No linked articles in our index yet.