← CVECheck
HomeVulnerabilities

CVE-2004-1758 — MEDIUM severity vulnerability (BEA WebLogic Server and WebLogic Express version 8.1 up to S)

BEA WebLogic Server and WebLogic Express version 8.1 up to SP2, 7.0 up to SP4, and 6.1 up to SP6 may store the database username and password for an untargeted JDBC connection pool in plaintext in config.xml, which allows local users to gain privileges.

CVE IDCVE-2004-1758
SeverityMEDIUM
CVSS score4.6
CVSS vectorAV:L/AC:L/Au:N/C:P/I:P/A:P
CWENVD-CWE-Other
StatusModified
Published2004-04-13
Last modified2026-04-16
DescriptionBEA WebLogic Server and WebLogic Express version 8.1 up to SP2, 7.0 up to SP4, and 6.1 up to SP6 may store the database username and password for an untargeted JDBC connection pool in plaintext in config.xml, which allows local users to gain privileges.
SourceNIST National Vulnerability Database

🔍 Search all vulnerabilities →