CyberSec.Space Logo
Back to CVE Browser

CVE-2003-0640

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0940%
EPSS Percentile18.34th
PublishedAug 27, 2003
Last ModifiedApr 16, 2026

Vulnerability Description

BEA WebLogic Server and Express, when using NodeManager to start servers, provides Operator users with privileges to overwrite usernames and passwords, which may allow Operators to gain Admin privileges.

Affected Platforms (CPE)

πŸ“¦
Bea

Weblogic Server

All versions
πŸ“¦
Bea

Weblogic Server

All versions

References & Advisories

πŸ”— http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-33.jsp
πŸ”— http://www.secunia.com/advisories/9232/
πŸ”— http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-33.jsp
πŸ”— http://www.secunia.com/advisories/9232/

Related Vulnerabilities

CVE-2001-009810.0

Buffer overflow in Bea WebLogic Server before 5.1.0 allows remote attackers to execute arbitrary commands via a long URL that begi...

CVE-2007-041710.0

BEA WebLogic Server 7.0 through 7.0 SP7, 8.1 through 8.1 SP5, 9.0, and 9.1, when using the WebLogic Server 6.1 compatibility realm...

CVE-2000-068110.0

Buffer overflow in BEA WebLogic server proxy plugin allows remote attackers to execute arbitrary commands via a long URL with a .J...

CVE-2008-325710.0

Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and ear...