CVE-2003-0640

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

B

EA WebLogic Server and Express, when using NodeManager to start servers, provides Operator users with privileges to overwrite usernames and passwords, which may allow Operators to gain Admin privileges.

References

Link	Resource
http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-33.jsp
http://www.secunia.com/advisories/9232/	Patch Vendor Advisory
http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-33.jsp
http://www.secunia.com/advisories/9232/	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:bea:weblogic_server::::::::
	cpe:2.3:a:bea:weblogic_server:::express:::::*

History

20 Nov 2024, 23:45

Type	Values Removed	Values Added
References	~~() http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-33.jsp -~~	() http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-33.jsp -
References	~~() http://www.secunia.com/advisories/9232/ - Patch, Vendor Advisory~~	() http://www.secunia.com/advisories/9232/ - Patch, Vendor Advisory

Information

Published : 2003-08-27 04:00

Updated : 2025-04-03 01:03

NVD link : CVE-2003-0640

Mitre link : CVE-2003-0640

CVE.ORG link : CVE-2003-0640

JSON object : View

Products Affected

weblogic_server

CWE

NVD-CWE-Other

{"id": "CVE-2003-0640", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "[email protected]", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2003-08-27T04:00:00.000", "references": [{"url": "http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-33.jsp", "source": "[email protected]"}, {"url": "http://www.secunia.com/advisories/9232/", "tags": ["Patch", "Vendor Advisory"], "source": "[email protected]"}, {"url": "http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-33.jsp", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.secunia.com/advisories/9232/", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "BEA WebLogic Server and Express, when using NodeManager to start servers, provides Operator users with privileges to overwrite usernames and passwords, which may allow Operators to gain Admin privileges."}, {"lang": "es", "value": "BEA WebLogic Server y Express, cuando usa NodeManager para iniciar servidores, provee al usuarios Operadores con privilegios para sobreesctibir nombres de usuario y contrase\u00f1as, lo que puede permitir a Operadores ganar privielgios de Admin."}], "lastModified": "2025-04-03T01:03:51.193", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:bea:weblogic_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "868143C0-88F3-47FB-8590-C0B60BE7970D"}, {"criteria": "cpe:2.3:a:bea:weblogic_server:*:*:express:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5B0C63A5-F105-4D03-BD2E-B3AAD120A4BD"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}