Every CVE whose affected-product data names Bea Weblogic Server, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (149)
CVE-2001-0098 — CVSS 10.0 (critical): Buffer overflow in Bea WebLogic Server before 5.1.0 allows remote attackers to execute arbitrary commands via a long URL that begins with a…
CVE-2003-0640 — CVSS 10.0 (critical): BEA WebLogic Server and Express, when using NodeManager to start servers, provides Operator users with privileges to overwrite usernames…
CVE-2000-0684 — CVSS 10.0 (critical): BEA WebLogic 5.1.x does not properly restrict access to the JSPServlet, which could allow remote attackers to compile and execute Java JSP…
CVE-2000-0681 — CVSS 10.0 (critical): Buffer overflow in BEA WebLogic server proxy plugin allows remote attackers to execute arbitrary commands via a long URL with a .JSP…
CVE-2000-0685 — CVSS 10.0 (critical): BEA WebLogic 5.1.x does not properly restrict access to the PageCompileServlet, which could allow remote attackers to compile and execute…
CVE-2008-3257 — CVSS 10.0 (critical): Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier…
CVE-2007-0417 — CVSS 10.0 (critical): BEA WebLogic Server 7.0 through 7.0 SP7, 8.1 through 8.1 SP5, 9.0, and 9.1, when using the WebLogic Server 6.1 compatibility realm, allows…
CVE-2005-1744 — CVSS 9.8 (critical): BEA WebLogic Server and WebLogic Express 7.0 through Service Pack 5 does not log out users when an application is redeployed, which allows…
CVE-2008-0897 — CVSS 7.9 (high): Unspecified vulnerability in BEA WebLogic Server 9.0 through 10.0 allows remote authenticated users without "receive" permissions to bypass…
CVE-2007-4617 — CVSS 7.8 (high): Unspecified vulnerability in BEA WebLogic Server 6.1 Gold through SP7, 7.0 Gold through SP7, and 8.1 Gold through SP4 allows remote…
CVE-2007-4618 — CVSS 7.8 (high): Unspecified vulnerability in BEA WebLogic Server 6.1 Gold through SP7 and 7.0 Gold through SP7 allows remote attackers to cause a denial of…
CVE-2005-4764 — CVSS 7.8 (high): BEA WebLogic Server and WebLogic Express 9.0, 8.1, and 7.0 lock out the admin user account after multiple incorrect password guesses, which…
CVE-2005-4765 — CVSS 7.6 (high): BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier and 7.0 SP6 and earlier, when using the weblogic.Deployer command with the t3…
CVE-2006-2469 — CVSS 7.5 (high): The HTTP handlers in BEA WebLogic Server 9.0, 8.1 up to SP5, 7.0 up to SP6, and 6.1 up to SP7 stores the username and password in cleartext…
CVE-2000-0499 — CVSS 7.5 (high): The default configuration of BEA WebLogic 3.1.8 through 4.5.1 allows a remote attacker to view source code of a JSP program by requesting a…
CVE-2003-0151 — CVSS 7.5 (high): BEA WebLogic Server and Express 6.0 through 7.0 does not properly restrict access to certain internal servlets that perform administrative…
CVE-2002-2142 — CVSS 7.5 (high): An undocumented extension for the Servlet mappings in the Servlet 2.3 specification, when upgrading to WebLogic Server and Express 7.0…
CVE-2004-0711 — CVSS 7.5 (high): The URL pattern matching feature in BEA WebLogic Server 6.x matches illegal patterns ending in "*" as wildcards as if they were the legal…
CVE-2007-0425 — CVSS 7.5 (high): Unspecified vulnerability in BEA WebLogic Platform and Server 8.1 through 8.1 SP5, and JRockit 1.4.2 R4.5 and earlier, allows attackers to…
CVE-2005-4756 — CVSS 7.5 (high): BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 SP5 and earlier, do not properly validate derived Principals with…
CVE-2005-4757 — CVSS 7.5 (high): BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier, and 7.0 SP5 and earlier, do not properly "constrain" a "/" (slash) servlet…
CVE-2005-4750 — CVSS 7.5 (high): BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP5 and earlier, and 6.1 SP7 and earlier allow remote attackers to cause…
CVE-2000-1238 — CVSS 7.5 (high): BEA Systems WebLogic Express and WebLogic Server 5.1 SP1-SP6 allows remote attackers to bypass access controls for restricted JSP or…
CVE-2007-0418 — CVSS 7.5 (high): BEA WebLogic Server 7.0 through 7.0 SP6, 8.1 through 8.1 SP5, 9.0, and 9.1 does not enforce a security policy that declares permissions for…
CVE-2005-4763 — CVSS 7.5 (high): BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 and earlier, and 6.1 SP7 and earlier, when Internet Inter-ORB…
CVE-2005-1743 — CVSS 7.5 (high): BEA WebLogic Server and WebLogic Express 8.1 through Service Pack 3 and 7.0 through Service Pack 5 does not properly handle when a security…
CVE-2007-0416 — CVSS 7.5 (high): The WSEE runtime (WS-Security runtime) in BEA WebLogic Server 9.0 and 9.1 does not verify credentials when decrypting client messages…
CVE-2006-0426 — CVSS 7.5 (high): BEA WebLogic Server and WebLogic Express 8.1 through SP4, when configuration auditing is enabled and a password change occurs, stores the…
CVE-2007-0408 — CVSS 7.5 (high): BEA Weblogic Server 8.1 through 8.1 SP4 does not properly validate client certificates when reusing cached connections, which allows remote…
CVE-2006-2470 — CVSS 7.5 (high): Unspecified vulnerability in the WebLogic Server Administration Console for BEA WebLogic Server 9.0 prevents the console from setting…
CVE-2007-4614 — CVSS 7.5 (high): BEA WebLogic Server 9.1 does not properly handle propagation of an admin server's security policy change log to temporarily unavailable…
CVE-2004-0204 — CVSS 7.5 (high): Directory traversal vulnerability in the web viewers for Business Objects Crystal Reports 9 and 10, and Crystal Enterprise 9 or 10, as used…
CVE-2004-0470 — CVSS 7.5 (high): BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1 through SP2, when editing weblogic.xml using WebLogic Builder or the…
CVE-2002-2141 — CVSS 7.5 (high): BEA WebLogic Server and Express 7.0 and 7.0.0.1, when running Servlets and Enterprise JavaBeans (EJB) on more than one server, will remove…
CVE-2003-1094 — CVSS 7.2 (high): BEA WebLogic Server and Express version 7.0 SP3 may follow certain code execution paths that result in an incorrect current user, such as…
CVE-2004-0652 — CVSS 7.2 (high): BEA WebLogic Server and WebLogic Express 7.0 through 7.0 Service Pack 4, and 8.1 through 8.1 Service Pack 2, allows attackers to obtain the…
CVE-2005-4762 — CVSS 7.2 (high): BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 and earlier, and 6.1 SP7 and earlier sometimes stores the boot…
CVE-2008-0901 — CVSS 7.1 (high): BEA WebLogic Server and Express 7.0 through 10.0 allows remote attackers to conduct brute force password guessing attacks, even when…
CVE-2007-2699 — CVSS 7.1 (high): The Administration Console in BEA WebLogic Express and WebLogic Server 9.0 and 9.1 does not properly enforce certain Domain Security…
CVE-2005-4751 — CVSS 6.8 (medium): Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and WebLogic Express 9.0, 8.1 SP4 and earlier, 7.0 SP6 and…
CVE-2007-0411 — CVSS 6.8 (medium): BEA WebLogic Server 8.1 through 8.1 SP5, 9.0, 9.1, and 9.2 Gold, when WS-Security is used, does not properly validate certificates, which…
CVE-2007-5576 — CVSS 6.8 (medium): BEA Tuxedo 8.0 before RP392 and 8.1 before RP293, and WebLogic Enterprise 5.1 before RP174, echo the password in cleartext, which allows…
CVE-2005-1380 — CVSS 6.8 (medium): Cross-site scripting (XSS) vulnerability in BEA Admin Console 8.1 allows remote attackers to execute arbitrary web script or HTML via the…
CVE-2007-4613 — CVSS 6.8 (medium): SSL libraries in BEA WebLogic Server 6.1 Gold through SP7, 7.0 Gold through SP7, and 8.1 Gold through SP5 might allow remote attackers to…
CVE-2003-0733 — CVSS 6.8 (medium): Multiple cross-site scripting (XSS) vulnerabilities in WebLogic Integration 7.0 and 2.0, Liquid Data 1.1, and WebLogic Server and Express…
CVE-2007-2696 — CVSS 6.8 (medium): The JMS Server in BEA WebLogic Server 6.1 through SP7, 7.0 through SP6, and 8.1 through SP5 enforces security access policies on the front…
CVE-2005-1747 — CVSS 6.8 (medium): Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and Express 8.1 through Service Pack 4, and 7.0 through Service…
CVE-2007-4615 — CVSS 6.4 (medium): The SSL client implementation in BEA WebLogic Server 7.0 SP7, 8.1 SP2 through SP6, 9.0, 9.1, 9.2 Gold through MP2, and 10.0 sometimes…
CVE-2004-0713 — CVSS 6.4 (medium): The remove method in a stateful Enterprise JavaBean (EJB) in BEA WebLogic Server and WebLogic Express version 8.1 through SP2, 7.0 through…
CVE-2008-0895 — CVSS 6.4 (medium): BEA WebLogic Server and WebLogic Express 6.1 through 10.0 allows remote attackers to bypass authentication for application servlets via…
CVE-2010-2375 — CVSS 6.4 (medium): Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion…
CVE-2006-0422 — CVSS 6.4 (medium): Multiple unspecified vulnerabilities in BEA WebLogic Server and WebLogic Express 8.1 through SP4, 7.0 through SP6, and 6.1 through SP7…
CVE-2006-0419 — CVSS 6.4 (medium): BEA WebLogic Server and WebLogic Express 9.0, 8.1 through SP5, and 7.0 through SP6 allows anonymous binds to the embedded LDAP server…
CVE-2007-0421 — CVSS 6.4 (medium): BEA WebLogic Server 6.1 through 6.1 SP7, and 7.0 through 7.0 SP7 allows remote attackers to cause a denial of service (disk consumption)…
CVE-2007-4616 — CVSS 6.4 (medium): The SSL server implementation in BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP1, and 10.0…
CVE-2008-0900 — CVSS 6.0 (medium): Session fixation vulnerability in BEA WebLogic Server and Express 8.1 SP4 through SP6, 9.2 through MP1, and 10.0 allows remote…
CVE-2008-0898 — CVSS 5.8 (medium): The distributed queue feature in JMS in BEA WebLogic Server 9.0 through 10.0, in certain configurations, does not properly handle when a…
CVE-2004-2696 — CVSS 5.5 (medium): BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, when using Remote Method Invocation (RMI) over Internet Inter-ORB Protocol…
CVE-2007-2704 — CVSS 5.4 (medium): BEA WebLogic Server 9.0 through 9.2 allows remote attackers to cause a denial of service (SSL port unavailability) by accessing a…
CVE-2005-4766 — CVSS 5.4 (medium): BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 SP5 and earlier, do not encrypt multicast traffic, which might allow…
CVE-2004-2320 — CVSS 5.3 (medium): The default configuration of BEA WebLogic Server and Express 8.1 SP2 and earlier, 7.0 SP4 and earlier, 6.1 through SP6, and 5.1 through…
CVE-2007-2697 — CVSS 5.1 (medium): The embedded LDAP server in BEA WebLogic Express and WebLogic Server 7.0 through SP6, 8.1 through SP5, 9.0, and 9.1, when in certain…
CVE-2007-2695 — CVSS 5.1 (medium): The HttpClusterServlet and HttpProxyServlet in BEA WebLogic Express and WebLogic Server 6.1 through SP7, 7.0 through SP7, 8.1 through SP5…
CVE-2005-4760 — CVSS 5.1 (medium): BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier, and 7.0 SP5 and earlier, when fullyDelegatedAuthorization is enabled for a…
CVE-2004-0715 — CVSS 5.1 (medium): The WebLogic Authentication provider for BEA WebLogic Server and WebLogic Express 8.1 through SP2 and 7.0 through SP4 does not properly…
CVE-2005-4767 — CVSS 5.1 (medium): BEA WebLogic Server and WebLogic Express 8.1 SP5 and earlier, and 7.0 SP6 and earlier, when using username/password authentication, does…
CVE-2006-1351 — CVSS 5.0 (medium): BEA WebLogic Server 6.1 SP7 and earlier allows remote attackers to read arbitrary files via unknown attack vectors related to a "default…
CVE-2000-0500 — CVSS 5.0 (medium): The default configuration of BEA WebLogic 5.1.0 allows a remote attacker to view source code of programs by requesting a URL beginning with…
CVE-2000-0682 — CVSS 5.0 (medium): BEA WebLogic 5.1.x allows remote attackers to read source code for parsed pages by inserting /ConsoleHelp/ into the URL, which invokes the…
CVE-2000-0683 — CVSS 5.0 (medium): BEA WebLogic 5.1.x allows remote attackers to read source code for parsed pages by inserting /*.shtml/ into the URL, which invokes the…
CVE-2002-0106 — CVSS 5.0 (medium): BEA Systems Weblogic Server 6.1 allows remote attackers to cause a denial of service via a series of requests to .JSP files that contain an…
CVE-2003-0621 — CVSS 5.0 (medium): The Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to determine the existence of files outside the web root…
CVE-2003-0622 — CVSS 5.0 (medium): The Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to cause a denial of service (hang) via pathname…
CVE-2003-1220 — CVSS 5.0 (medium): BEA WebLogic Server proxy plugin for BEA Weblogic Express and Server 6.1 through 8.1 SP 1 allows remote attackers to cause a denial of…
CVE-2003-1221 — CVSS 5.0 (medium): BEA WebLogic Express and Server 7.0 through 8.1 SP 1, under certain circumstances when a request to use T3 over SSL (t3s) is made to the…
CVE-2003-1222 — CVSS 5.0 (medium): BEA Weblogic Express and Server 8.0 through 8.1 SP 1, when using a foreign Java Message Service (JMS) provider, echoes the password for the…
CVE-2003-1223 — CVSS 5.0 (medium): The Node Manager for BEA WebLogic Express and Server 6.1 through 8.1 SP 1 allows remote attackers to cause a denial of service (Node…
CVE-2003-1290 — CVSS 5.0 (medium): BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, with RMI and anonymous admin lookup enabled, allows remote attackers to obtain…
CVE-2004-1756 — CVSS 5.0 (medium): BEA WebLogic Server and WebLogic Express 8.1 SP2 and earlier, and 7.0 SP4 and earlier, when using 2-way SSL with a custom trust manager…
CVE-2004-2424 — CVSS 5.0 (medium): BEA WebLogic Server and WebLogic Express 8.1 through 8.1 SP2 allow remote attackers to cause a denial of service (network port consumption)…
CVE-2005-0432 — CVSS 5.0 (medium): BEA WebLogic Server 7.0 Service Pack 5 and earlier, and 8.1 Service Pack 3 and earlier, generates different login exceptions that suggest…
CVE-2005-1742 — CVSS 5.0 (medium): BEA WebLogic Server and WebLogic Express 8.1 SP2 and SP3 allows users with the Monitor security role to "shrink or reset JDBC connection…
CVE-2005-1746 — CVSS 5.0 (medium): The cluster cookie parsing code in BEA WebLogic Server 7.0 through Service Pack 5 attempts to contact any host or port specified in a…
CVE-2005-1748 — CVSS 5.0 (medium): The embedded LDAP server in BEA WebLogic Server and Express 8.1 through Service Pack 4, and 7.0 through Service Pack 5, allows remote…
CVE-2005-1749 — CVSS 5.0 (medium): Buffer overflow in BEA WebLogic Server and WebLogic Express 6.1 Service Pack 4 allows remote attackers to cause a denial of service (CPU…
CVE-2005-4704 — CVSS 5.0 (medium): Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 8.1 through SP3, 7.0 through SP6, and 6.1 through SP7, when SSL is…
CVE-2005-4705 — CVSS 5.0 (medium): BEA WebLogic Server and WebLogic Express 8.1 through SP4, 7.0 through SP6, and 6.1 through SP7, when a Java client application creates an…
CVE-2005-4749 — CVSS 5.0 (medium): HTTP request smuggling vulnerability in BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 and earlier, and 6.1 SP7 and…
CVE-2005-4753 — CVSS 5.0 (medium): BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 SP6 and earlier, in certain "heavy usage" scenarios, report incorrect…
CVE-2005-4754 — CVSS 5.0 (medium): BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier allow remote attackers to obtain sensitive information (intranet IP addresses)…
CVE-2005-4759 — CVSS 5.0 (medium): BEA WebLogic Server and WebLogic Express 8.1 and 7.0, during a migration across operating system platforms, do not warn the administrative…
CVE-2006-0420 — CVSS 5.0 (medium): BEA WebLogic Server and WebLogic Express 8.1 through SP4 and 7.0 through SP6 does not properly handle when servlets use relative…
CVE-2006-0430 — CVSS 5.0 (medium): Certain configurations of BEA WebLogic Server and WebLogic Express 9.0, 8.1 through SP5, and 7.0 through SP6, when connection filters are…
CVE-2006-1352 — CVSS 5.0 (medium): BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 and earlier, and WebLogic Server 6.1 SP7 and earlier allow remote…
CVE-2006-2461 — CVSS 5.0 (medium): BEA WebLogic Server before 8.1 Service Pack 4 does not properly set the Quality of Service in certain circumstances, which prevents some…
CVE-2006-2462 — CVSS 5.0 (medium): BEA WebLogic Server 8.1 before Service Pack 4 and 7.0 before Service Pack 6, may send sensitive data over non-secure channels when using…
CVE-2006-2471 — CVSS 5.0 (medium): Multiple vulnerabilities in BEA WebLogic Server 8.1 through SP4, 7.0 through SP6, and 6.1 through SP7 leak sensitive information to remote…
CVE-2006-2546 — CVSS 5.0 (medium): A recommended admin password reset mechanism for BEA WebLogic Server 8.1, when followed before October 10, 2005, causes the administrator…
CVE-2007-0410 — CVSS 5.0 (medium): Unspecified vulnerability in the thread management in BEA WebLogic 7.0 through 7.0 SP6, 8.1 through 8.1 SP5, 9.0, and 9.1, when T3…
CVE-2007-0412 — CVSS 5.0 (medium): BEA WebLogic Server 6.1 through 6.1 SP7, 7.0 through 7.0 SP7, and 8.1 through 8.1 SP5 allows remote attackers to read arbitrary files…
CVE-2007-0414 — CVSS 5.0 (medium): BEA WebLogic Server 6.1 through 6.1 SP7, 7.0 through 7.0 SP6, 8.1 through 8.1 SP5, and 9.0 allows remote attackers to cause a denial of…
CVE-2007-0415 — CVSS 5.0 (medium): BEA WebLogic Server 8.1 through 8.1 SP5 does not properly enforce access control after a dynamic update and dynamic redeployment of an…
CVE-2007-0419 — CVSS 5.0 (medium): The BEA WebLogic Server proxy plug-in before June 2006 for the Apache HTTP Server does not properly handle protocol errors, which allows…
CVE-2007-0420 — CVSS 5.0 (medium): BEA WebLogic Server 9.0, 9.1, and 9.2 Gold allows remote attackers to obtain sensitive information via malformed HTTP requests, which…
CVE-2007-0422 — CVSS 5.0 (medium): BEA WebLogic Server 9.0, 9.1, and 9.2 Gold, when running on Solaris 9, allows remote attackers to cause a denial of service (server…
CVE-2007-0424 — CVSS 5.0 (medium): Unspecified vulnerability in the BEA WebLogic Server proxy plug-in for Netscape Enterprise Server before September 2006 for Netscape…
CVE-2007-2698 — CVSS 5.0 (medium): The Administration Console in BEA WebLogic Server 9.0 may show plaintext Web Service attributes during configuration creation, which allows…
CVE-2008-0863 — CVSS 5.0 (medium): BEA WebLogic Server and WebLogic Express 9.0 and 9.1 exposes the web service's WSDL and security policies, which allows remote attackers to…
CVE-2006-2472 — CVSS 4.9 (medium): Unspecified vulnerability in BEA WebLogic Server 9.1 and 9.0, 8.1 through SP5, 7.0 through SP6, and 6.1 through SP7 allows untrusted…
CVE-2007-2701 — CVSS 4.6 (medium): The JMS Message Bridge in BEA WebLogic Server 7.0 through SP7 and 8.1 through Service Pack 6, when configured without a username and…
CVE-2004-1758 — CVSS 4.6 (medium): BEA WebLogic Server and WebLogic Express version 8.1 up to SP2, 7.0 up to SP4, and 6.1 up to SP6 may store the database username and…
CVE-2003-1095 — CVSS 4.6 (medium): BEA WebLogic Server and Express 7.0 and 7.0.0.1, when using "memory" session persistence for web applications, does not clear…
CVE-2003-1093 — CVSS 4.6 (medium): BEA WebLogic Server 6.1, 7.0 and 7.0.0.1, when routing messages to a JMS target domain that is inaccessible, may leak the user's password…
CVE-2006-0421 — CVSS 4.6 (medium): By design, BEA WebLogic Server and WebLogic Express 7.0 and 6.1, when creating multiple domains from the same WebLogic instance on the same…
CVE-2004-1757 — CVSS 4.6 (medium): BEA WebLogic Server and Express 8.1, SP1 and earlier, stores the administrator password in cleartext in config.xml, which allows local…
CVE-2006-2464 — CVSS 4.6 (medium): stopWebLogic.sh in BEA WebLogic Server 8.1 before Service Pack 4 and 7.0 before Service Pack 6 displays the administrator password to…
CVE-2005-4752 — CVSS 4.6 (medium): BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 SP6 and earlier, might allow local users to gain privileges by using…
CVE-2005-1745 — CVSS 4.6 (medium): The UserLogin control in BEA WebLogic Portal 8.1 through Service Pack 3 prints the password to standard output when an incorrect login…
CVE-2004-0712 — CVSS 4.6 (medium): The configuration tools (1) config.sh in Unix or (2) config.cmd in Windows for BEA WebLogic Server 8.1 through SP2 create a log file that…
CVE-2007-0413 — CVSS 4.4 (medium): BEA WebLogic Server 8.1 through 8.1 SP5 stores cleartext data in a backup of config.xml after offline editing, which allows local users to…
CVE-2008-0902 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and Express 6.1 through 10.0 MP1 allow remote attackers to…
CVE-2003-1438 — CVSS 4.3 (medium): Race condition in BEA WebLogic Server and Express 5.1 through 7.0.0.1, when using in-memory session replication or replicated stateful…
CVE-2007-2694 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Express and WebLogic Server 6.1 through SP7, 7.0 through SP7, 8.1…
CVE-2008-0869 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote…
CVE-2008-0899 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the Administration Console in BEA WebLogic Server and Express 9.0 through 10.0 allows remote…
CVE-2003-0624 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in InteractiveQuery.jsp for BEA WebLogic 8.1 and earlier allows remote attackers to inject…
CVE-2003-0623 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to inject…
CVE-2005-2092 — CVSS 4.3 (medium): BEA Systems WebLogic 8.1 SP1 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS…
CVE-2005-4758 — CVSS 4.0 (medium): Unspecified vulnerability in the Administration server in BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier allows remote…
CVE-2006-0424 — CVSS 4.0 (medium): BEA WebLogic Server and WebLogic Express 8.1 through SP4, 7.0 through SP6, and 6.1 through SP7 allows remote authenticated guest users to…
CVE-2007-2700 — CVSS 4.0 (medium): The WLST script generated by the configToScript command in BEA WebLogic Express and WebLogic Server 9.0 and 9.1 does not encrypt certain…
CVE-2006-2467 — CVSS 4.0 (medium): BEA WebLogic Server 8.1 up to SP4, 7.0 up to SP6, and 6.1 up to SP7 displays the internal IP address of the WebLogic server in the WebLogic…
CVE-2006-2468 — CVSS 4.0 (medium): The WebLogic Server Administration Console in BEA WebLogic Server 8.1 up to SP4 and 7.0 up to SP6 displays the domain name in the Console…
CVE-2006-2466 — CVSS 2.6 (low): BEA WebLogic Server 8.1 up to SP4 and 7.0 up to SP6 allows remote attackers to obtain the source code of JSP pages during certain…
CVE-2002-2177 — CVSS 2.6 (low): BEA WebLogic Server and Express 6.1 through 7.0.0.1 buffers HTTP requests in a way that can cause BEA to send the same response for two…
CVE-2002-1030 — CVSS 2.6 (low): Race condition in Performance Pack in BEA WebLogic Server and Express 5.1.x, 6.0.x, 6.1.x and 7.0 allows remote attackers to cause a denial…
CVE-2003-1226 — CVSS 2.1 (low): BEA WebLogic Server and Express 7.0 and 7.0.0.1 stores certain secrets concerning password encryption insecurely in config.xml…
CVE-2006-0427 — CVSS 2.1 (low): Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 9.0 and 8.1 through SP5 allows malicious EJBs or servlet applications…
CVE-2003-1224 — CVSS 2.1 (low): Weblogic.admin for BEA WebLogic Server and Express 7.0 and 7.0.0.1 displays the JDBCConnectionPoolRuntimeMBean password to the screen in…
CVE-2004-0471 — CVSS 2.1 (low): BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1 through SP2 does not enforce site restrictions for starting and stopping…
CVE-2006-0431 — CVSS 2.1 (low): Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 8.1 SP5 allows untrusted applications to obtain the server's SSL…
CVE-2003-1225 — CVSS 2.1 (low): The default CredentialMapper for BEA WebLogic Server and Express 7.0 and 7.0.0.1 stores passwords in cleartext on disk, which allows local…
CVE-2006-0432 — CVSS 2.1 (low): Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 9.0, when an Administrator uses the WebLogic Administration Console…
CVE-2005-4755 — CVSS 2.1 (low): BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier (1) stores the private key passphrase (CustomTrustKeyStorePassPhrase) in…
CVE-2003-1437 — CVSS 2.1 (low): BEA WebLogic Express and WebLogic Server 7.0 and 7.0.0.1, stores passwords in plaintext when a keystore is used to store a private key or…
CVE-2006-0429 — CVSS 2.1 (low): BEA WebLogic Server and WebLogic Express 9.0 causes new security providers to appear active even if they have not been activated by a…
CVE-2004-2321 — CVSS 2.1 (low): BEA WebLogic Server and Express 8.1 SP1 and earlier allows local users in the Operator role to obtain administrator passwords via MBean…
CVE-2007-0409 — CVSS 1.5 (low): BEA WebLogic 7.0 through 7.0 SP6, 8.1 through 8.1 SP4, and 9.0 initial release does not encrypt passwords stored in the…
CVE-2005-4761 — CVSS 1.2 (low): BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP5 and earlier, and 6.1 SP7 and earlier log the Java command line at…