Unrated severityNVD Advisory· Published May 16, 2007· Updated Jun 16, 2026
CVE-2007-2700
CVE-2007-2700
Description
The WLST script generated by the configToScript command in BEA WebLogic Express and WebLogic Server 9.0 and 9.1 does not encrypt certain attributes in configuration files when creating a new domain, which allows remote authenticated users to obtain sensitive information.
Affected products
6cpe:2.3:a:bea:weblogic_server:9.0:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:bea:weblogic_server:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:9.0:*:express:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:9.1:*:*:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:9.1:*:express:*:*:*:*:*
- (no CPE)range: 9.0, 9.1
- Range: 9.0, 9.1
Patches
Vulnerability mechanics
References
6News mentions
0No linked articles in our index yet.