Unrated severityNVD Advisory· Published Jan 25, 2006· Updated Jun 16, 2026
CVE-2006-0423
CVE-2006-0423
Description
BEA WebLogic Portal 8.1 through SP3 stores the password for the RDBMS Authentication provider in cleartext in the config.xml file, which allows attackers to gain privileges.
Affected products
5cpe:2.3:a:oracle:weblogic_portal:8.1:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:oracle:weblogic_portal:8.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:weblogic_portal:8.1:sp1:*:*:*:*:*:*
- cpe:2.3:a:oracle:weblogic_portal:8.1:sp2:*:*:*:*:*:*
- cpe:2.3:a:oracle:weblogic_portal:8.1:sp3:*:*:*:*:*:*
- Range: >=8.1, <=8.1 SP3
Patches
Vulnerability mechanics
References
9- dev2dev.bea.com/pub/advisory/167nvdPatchVendor Advisory
- securitytracker.com/idnvdPatch
- dev2dev.bea.com/pub/advisory/262nvd
- secunia.com/advisories/18593nvd
- www.securityfocus.com/bid/16358nvd
- www.vupen.com/english/advisories/2006/0312nvd
- www.vupen.com/english/advisories/2008/0613nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/24284nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/40705nvd
News mentions
0No linked articles in our index yet.