CVE-2003-0640

BEA WebLogic Server and Express, when using NodeManager to start servers, provides Operator users with privileges to overwrite usernames and passwords, which may allow Operators to gain Admin privileges.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-33.jsp
http://www.secunia.com/advisories/9232/	Patch Vendor Advisory
http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-33.jsp
http://www.secunia.com/advisories/9232/	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:bea:weblogic_server::::::::
	cpe:2.3:a:bea:weblogic_server:::express:::::*

History

20 Nov 2024, 23:45

Type	Values Removed	Values Added
References	~~() http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-33.jsp -~~	() http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-33.jsp -
References	~~() http://www.secunia.com/advisories/9232/ - Patch, Vendor Advisory~~	() http://www.secunia.com/advisories/9232/ - Patch, Vendor Advisory

Information

Published : 2003-08-27 04:00

Updated : 2025-04-03 01:03

NVD link : CVE-2003-0640

Mitre link : CVE-2003-0640

CVE.ORG link : CVE-2003-0640

JSON object : View

Products Affected

bea

weblogic_server

CWE

NVD-CWE-Other

{"id": "CVE-2003-0640", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2003-08-27T04:00:00.000", "references": [{"url": "http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-33.jsp", "source": "cve@mitre.org"}, {"url": "http://www.secunia.com/advisories/9232/", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-33.jsp", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.secunia.com/advisories/9232/", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "BEA WebLogic Server and Express, when using NodeManager to start servers, provides Operator users with privileges to overwrite usernames and passwords, which may allow Operators to gain Admin privileges."}, {"lang": "es", "value": "BEA WebLogic Server y Express, cuando usa NodeManager para iniciar servidores, provee al usuarios Operadores con privilegios para sobreesctibir nombres de usuario y contrase\u00f1as, lo que puede permitir a Operadores ganar privielgios de Admin."}], "lastModified": "2025-04-03T01:03:51.193", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:bea:weblogic_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "868143C0-88F3-47FB-8590-C0B60BE7970D"}, {"criteria": "cpe:2.3:a:bea:weblogic_server:*:*:express:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5B0C63A5-F105-4D03-BD2E-B3AAD120A4BD"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}

10.0 /10