Local Privilege Escalation: Administrator Password Disclosure in BEA WebLogic Server and Express 8.1 SP1 and earlier

Local Privilege Escalation: Administrator Password Disclosure in BEA WebLogic Server and Express 8.1 SP1 and earlier

CVE-2004-2321 · LOW Severity

AV:L/AC:L/AU:N/C:P/I:N/A:N

BEA WebLogic Server and Express 8.1 SP1 and earlier allows local users in the Operator role to obtain administrator passwords via MBean attributes, including (1) ServerStartMBean.Password and (2) NodeManagerMBean.CertificatePassword.

Learn more about our Web App Pen Testing.