Unrated severityNVD Advisory· Published Jan 23, 2007· Updated Jun 16, 2026
CVE-2007-0409
CVE-2007-0409
Description
BEA WebLogic 7.0 through 7.0 SP6, 8.1 through 8.1 SP4, and 9.0 initial release does not encrypt passwords stored in the JDBCDataSourceFactory MBean Properties, which allows local administrative users to read the cleartext password.
Affected products
6cpe:2.3:a:bea:weblogic_server:7.0:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:bea:weblogic_server:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:8.1:*:*:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:*:sp4:*:*:*:*:*:*range: <=8.1
- cpe:2.3:a:bea:weblogic_server:*:sp6:*:*:*:*:*:*range: <=7.0
- (no CPE)range: 7.0 through 7.0 SP6, 8.1 through 8.1 SP4, 9.0 initial release
Patches
Vulnerability mechanics
References
6News mentions
0No linked articles in our index yet.