CVE-2007-0409

CVE-2007-0409 · LOW Severity

AV:L/AC:M/AU:S/C:P/I:N/A:N

BEA WebLogic 7.0 through 7.0 SP6, 8.1 through 8.1 SP4, and 9.0 initial release does not encrypt passwords stored in the JDBCDataSourceFactory MBean Properties, which allows local administrative users to read the cleartext password.

Learn more about our Web App Pen Testing.