VYPR
← All advisories
Unrated severityNVD Advisory· Published Jan 25, 2006· Updated Jun 16, 2026

CVE-2006-0427

CVE-2006-0427

Description

Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 9.0 and 8.1 through SP5 allows malicious EJBs or servlet applications to decrypt system passwords, possibly by accessing functionality that should have been restricted.

Affected products

22
  • Bea/WebLogic Server21 versions
    cpe:2.3:a:bea:weblogic_server:8.1:sp1:*:*:*:*:*:*+ 20 more
    • cpe:2.3:a:bea:weblogic_server:8.1:sp1:*:*:*:*:*:*
    • cpe:2.3:a:bea:weblogic_server:8.1:sp1:express:*:*:*:*:*
    • cpe:2.3:a:bea:weblogic_server:8.1:sp2:*:*:*:*:*:*
    • cpe:2.3:a:bea:weblogic_server:8.1:sp2:express:*:*:*:*:*
    • cpe:2.3:a:bea:weblogic_server:8.1:sp3:*:*:*:*:*:*
    • cpe:2.3:a:bea:weblogic_server:8.1:sp3:express:*:*:*:*:*
    • cpe:2.3:a:bea:weblogic_server:8.1:sp4:*:*:*:*:*:*
    • cpe:2.3:a:bea:weblogic_server:8.1:sp4:express:*:*:*:*:*
    • cpe:2.3:a:bea:weblogic_server:8.1:sp5:*:*:*:*:*:*
    • cpe:2.3:a:bea:weblogic_server:8.1:sp5:express:*:*:*:*:*
    • cpe:2.3:a:bea:weblogic_server:9.0:sp1:*:*:*:*:*:*
    • cpe:2.3:a:bea:weblogic_server:9.0:sp1:express:*:*:*:*:*
    • cpe:2.3:a:bea:weblogic_server:9.0:sp2:*:*:*:*:*:*
    • cpe:2.3:a:bea:weblogic_server:9.0:sp2:express:*:*:*:*:*
    • cpe:2.3:a:bea:weblogic_server:9.0:sp3:*:*:*:*:*:*
    • cpe:2.3:a:bea:weblogic_server:9.0:sp3:express:*:*:*:*:*
    • cpe:2.3:a:bea:weblogic_server:9.0:sp4:*:*:*:*:*:*
    • cpe:2.3:a:bea:weblogic_server:9.0:sp4:express:*:*:*:*:*
    • cpe:2.3:a:bea:weblogic_server:9.0:sp5:*:*:*:*:*:*
    • cpe:2.3:a:bea:weblogic_server:9.0:sp5:express:*:*:*:*:*
    • (no CPE)range: 8.1 through SP5, 9.0
  • Bea/WebLogic Expressllm-fuzzy
    Range: 8.1 through SP5, 9.0

Patches

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

7

News mentions

0

No linked articles in our index yet.