Unrated severityNVD Advisory· Published Jan 25, 2006· Updated Jun 16, 2026
CVE-2006-0426
CVE-2006-0426
Description
BEA WebLogic Server and WebLogic Express 8.1 through SP4, when configuration auditing is enabled and a password change occurs, stores the old and new passwords in cleartext in the DefaultAuditRecorder.log file, which could allow attackers to gain privileges.
Affected products
9cpe:2.3:a:bea:weblogic_server:8.1:sp1:*:*:*:*:*:*+ 8 more
- cpe:2.3:a:bea:weblogic_server:8.1:sp1:*:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:8.1:sp1:express:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:8.1:sp2:*:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:8.1:sp2:express:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:8.1:sp3:*:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:8.1:sp3:express:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:8.1:sp4:*:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:8.1:sp4:express:*:*:*:*:*
- (no CPE)range: 8.1 - SP4
Patches
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
7- dev2dev.bea.com/pub/advisory/170nvdPatchVendor Advisory
- secunia.com/advisories/18592nvdPatchVendor Advisory
- securitytracker.com/idnvdPatch
- www.osvdb.org/22775nvd
- www.securityfocus.com/bid/16358nvd
- www.vupen.com/english/advisories/2006/0313nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/24290nvd
News mentions
0No linked articles in our index yet.