CVE-2004-2321 Information

Description

BEA WebLogic Server and Express 8.1 SP1 and earlier allows local users in the Operator role to obtain administrator passwords via MBean attributes including (1) ServerStartMBean.Password and (2) NodeManagerMBean.CertificatePassword.

Reference

http://dev2dev.bea.com/pub/advisory/1 http://www.securityfocus.com/bid/9505 http://www.securitytracker.com/alerts/2004/Jan/1008867.html https://exchange.xforce.ibmcloud.com/vulnerabilities/14962