Unrated severityNVD Advisory· Published Jan 25, 2006· Updated Apr 16, 2026

CVE-2006-0423

Description

BEA WebLogic Portal 8.1 through SP3 stores the password for the RDBMS Authentication provider in cleartext in the config.xml file, which allows attackers to gain privileges.

Affected products

Oracle Corporation/Weblogic Portal4 versions
cpe:2.3:a:oracle:weblogic_portal:8.1:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:oracle:weblogic_portal:8.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:weblogic_portal:8.1:sp1:*:*:*:*:*:*
- cpe:2.3:a:oracle:weblogic_portal:8.1:sp2:*:*:*:*:*:*
- cpe:2.3:a:oracle:weblogic_portal:8.1:sp3:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

dev2dev.bea.com/pub/advisory/167nvdPatchVendor Advisory
securitytracker.com/idnvdPatch
dev2dev.bea.com/pub/advisory/262nvd
secunia.com/advisories/18593nvd
www.securityfocus.com/bid/16358nvd
www.vupen.com/english/advisories/2006/0312nvd
www.vupen.com/english/advisories/2008/0613nvd
exchange.xforce.ibmcloud.com/vulnerabilities/24284nvd
exchange.xforce.ibmcloud.com/vulnerabilities/40705nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000