ReportizFlow
Filtered by vendor Bea
Subscriptions
Filtered by product Weblogic Server
Subscriptions
Total
151 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-0863 | 1 Bea | 1 Weblogic Server | 2025-04-09 | N/A |
| BEA WebLogic Server and WebLogic Express 9.0 and 9.1 exposes the web service's WSDL and security policies, which allows remote attackers to obtain sensitive information and potentially launch further attacks. | ||||
| CVE-2008-0895 | 1 Bea | 1 Weblogic Server | 2025-04-09 | N/A |
| BEA WebLogic Server and WebLogic Express 6.1 through 10.0 allows remote attackers to bypass authentication for application servlets via crafted request headers. | ||||
| CVE-2008-0899 | 1 Bea | 1 Weblogic Server | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in the Administration Console in BEA WebLogic Server and Express 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via URLs that are not properly handled by the Unexpected Exception Page. | ||||
| CVE-2008-0901 | 2 Bea, Bea Systems | 2 Weblogic Server, Weblogic Server | 2025-04-09 | N/A |
| BEA WebLogic Server and Express 7.0 through 10.0 allows remote attackers to conduct brute force password guessing attacks, even when account lockout has been activated, via crafted URLs that indicate whether a guessed password is successful or not. | ||||
| CVE-2007-2695 | 1 Bea | 1 Weblogic Server | 2025-04-09 | N/A |
| The HttpClusterServlet and HttpProxyServlet in BEA WebLogic Express and WebLogic Server 6.1 through SP7, 7.0 through SP7, 8.1 through SP5, 9.0, and 9.1, when SecureProxy is enabled, may process "external requests on behalf of a system identity," which allows remote attackers to access administrative data or functionality. | ||||
| CVE-2006-2470 | 1 Bea | 1 Weblogic Server | 2025-04-03 | N/A |
| Unspecified vulnerability in the WebLogic Server Administration Console for BEA WebLogic Server 9.0 prevents the console from setting custom JDBC security policies correctly, which could allow attackers to bypass intended policies. | ||||
| CVE-2003-1224 | 1 Bea | 1 Weblogic Server | 2025-04-03 | N/A |
| Weblogic.admin for BEA WebLogic Server and Express 7.0 and 7.0.0.1 displays the JDBCConnectionPoolRuntimeMBean password to the screen in cleartext, which allows attackers to read a user's password by physically observing ("shoulder surfing") the screen. | ||||
| CVE-2004-0204 | 4 Bea, Borland Software, Businessobjects and 1 more | 9 Weblogic Server, J Builder, Crystal Enterprise and 6 more | 2025-04-03 | N/A |
| Directory traversal vulnerability in the web viewers for Business Objects Crystal Reports 9 and 10, and Crystal Enterprise 9 or 10, as used in Visual Studio .NET 2003 and Outlook 2003 with Business Contact Manager, Microsoft Business Solutions CRM 1.2, and other products, allows remote attackers to read and delete arbitrary files via ".." sequences in the dynamicimag argument to crystalimagehandler.aspx. | ||||
| CVE-2003-1222 | 1 Bea | 1 Weblogic Server | 2025-04-03 | N/A |
| BEA Weblogic Express and Server 8.0 through 8.1 SP 1, when using a foreign Java Message Service (JMS) provider, echoes the password for the foreign provider to the console and stores it in cleartext in config.xml, which could allow attackers to obtain the password. | ||||
| CVE-2003-1095 | 1 Bea | 1 Weblogic Server | 2025-04-03 | N/A |
| BEA WebLogic Server and Express 7.0 and 7.0.0.1, when using "memory" session persistence for web applications, does not clear authentication information when a web application is redeployed, which could allow users of that application to gain access without having to re-authenticate. | ||||
| CVE-2005-1744 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 9.8 Critical |
| BEA WebLogic Server and WebLogic Express 7.0 through Service Pack 5 does not log out users when an application is redeployed, which allows those users to continue to access the application without having to log in again, which may be in violation of newly changed security constraints or role mappings. | ||||
| CVE-2003-1220 | 1 Bea | 1 Weblogic Server | 2025-04-03 | N/A |
| BEA WebLogic Server proxy plugin for BEA Weblogic Express and Server 6.1 through 8.1 SP 1 allows remote attackers to cause a denial of service (proxy plugin crash) via a malformed URL. | ||||
| CVE-2005-4762 | 1 Bea | 1 Weblogic Server | 2025-04-03 | N/A |
| BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 and earlier, and 6.1 SP7 and earlier sometimes stores the boot password in the registry in cleartext, which might allow local users to gain administrative privileges. | ||||
| CVE-2003-0733 | 1 Bea | 3 Liquid Data, Weblogic Integration, Weblogic Server | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in WebLogic Integration 7.0 and 2.0, Liquid Data 1.1, and WebLogic Server and Express 5.1 through 7.0, allow remote attackers to execute arbitrary web script and steal authentication credentials via (1) a forward instruction to the Servlet container or (2) other vulnerabilities in the WebLogic Server console application. | ||||
| CVE-2003-0640 | 1 Bea | 1 Weblogic Server | 2025-04-03 | N/A |
| BEA WebLogic Server and Express, when using NodeManager to start servers, provides Operator users with privileges to overwrite usernames and passwords, which may allow Operators to gain Admin privileges. | ||||
| CVE-2003-1221 | 1 Bea | 1 Weblogic Server | 2025-04-03 | N/A |
| BEA WebLogic Express and Server 7.0 through 8.1 SP 1, under certain circumstances when a request to use T3 over SSL (t3s) is made to the insecure T3 port, may use a non-SSL connection for the communication, which could allow attackers to sniff sessions. | ||||
| CVE-2003-0624 | 1 Bea | 1 Weblogic Server | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in InteractiveQuery.jsp for BEA WebLogic 8.1 and earlier allows remote attackers to inject malicious web script via the person parameter. | ||||
| CVE-2003-1223 | 1 Bea | 1 Weblogic Server | 2025-04-03 | N/A |
| The Node Manager for BEA WebLogic Express and Server 6.1 through 8.1 SP 1 allows remote attackers to cause a denial of service (Node Manager crash) via malformed data to the Node Manager's port, as demonstrated by nmap. | ||||
| CVE-2005-4764 | 1 Bea | 1 Weblogic Server | 2025-04-03 | N/A |
| BEA WebLogic Server and WebLogic Express 9.0, 8.1, and 7.0 lock out the admin user account after multiple incorrect password guesses, which allows remote attackers who know or guess the admin account name to cause a denial of service (blocked admin logins). | ||||
| CVE-2002-1030 | 1 Bea | 1 Weblogic Server | 2025-04-03 | N/A |
| Race condition in Performance Pack in BEA WebLogic Server and Express 5.1.x, 6.0.x, 6.1.x and 7.0 allows remote attackers to cause a denial of service (crash) via a flood of data and connections. | ||||