BEA WebLogic Server and WebLogic Express have been reported prone to a vulnerability that may allow server Operators to view sensitive credentials. The issue is reported to exist because the Operator role is erroneously assigned access to MBean attributes that contain user passwords. An attacker who is a member of the Operator role may exploit this vulnerability to disclose sensitive user credentials.