Oracle Weblogic Portal — known CVE vulnerabilities
Every CVE whose affected-product data names Oracle Weblogic Portal, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (21)
CVE-2008-0870 — CVSS 7.5 (high): BEA WebLogic Portal 10.0 and 9.2 through Maintenance Pack 2, under certain circumstances, can redirect a user from the https:// URI for the…
CVE-2005-1743 — CVSS 7.5 (high): BEA WebLogic Server and WebLogic Express 8.1 through Service Pack 3 and 7.0 through Service Pack 5 does not properly handle when a security…
CVE-2006-0423 — CVSS 7.5 (high): BEA WebLogic Portal 8.1 through SP3 stores the password for the RDBMS Authentication provider in cleartext in the config.xml file, which…
CVE-2006-0428 — CVSS 7.5 (high): Unspecified vulnerability in BEA WebLogic Portal 8.1 SP3 through SP5, when using Web Services Remote Portlets (WSRP), allows remote…
CVE-2005-1747 — CVSS 6.8 (medium): Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and Express 8.1 through Service Pack 4, and 7.0 through Service…
CVE-2007-5576 — CVSS 6.8 (medium): BEA Tuxedo 8.0 before RP392 and 8.1 before RP293, and WebLogic Enterprise 5.1 before RP174, echo the password in cleartext, which allows…
CVE-2007-0426 — CVSS 6.8 (medium): BEA WebLogic Portal 9.2, when running in a WebLogic Server clustered environment using WebLogic Portal entitlements, does not properly…
CVE-2005-2680 — CVSS 5.0 (medium): Unspecified vulnerability in BEA WebLogic Portal 8.1 through SP4, when using entitlements, allows remote attackers to bypass access…
CVE-2006-0425 — CVSS 5.0 (medium): BEA WebLogic Portal 8.1 through SP4 allows remote attackers to obtain the source for a deployment descriptor file via unknown vectors.
CVE-2005-1742 — CVSS 5.0 (medium): BEA WebLogic Server and WebLogic Express 8.1 SP2 and SP3 allows users with the Monitor security role to "shrink or reset JDBC connection…
CVE-2006-1358 — CVSS 5.0 (medium): Unspecified vulnerability in BEA WebLogic Portal 8.1 up to SP5 causes a JSR-168 Portlet to be retrieved from the cache for the wrong…
CVE-2005-1746 — CVSS 5.0 (medium): The cluster cookie parsing code in BEA WebLogic Server 7.0 through Service Pack 5 attempts to contact any host or port specified in a…
CVE-2005-1748 — CVSS 5.0 (medium): The embedded LDAP server in BEA WebLogic Server and Express 8.1 through Service Pack 4, and 7.0 through Service Pack 5, allows remote…
CVE-2005-1749 — CVSS 5.0 (medium): Buffer overflow in BEA WebLogic Server and WebLogic Express 6.1 Service Pack 4 allows remote attackers to cause a denial of service (CPU…
CVE-2008-0864 — CVSS 5.0 (medium): Admin Tools in BEA WebLogic Portal 8.1 SP3 through SP6 can inadvertently remove entitlements for pages when an administrator edits the page…
CVE-2008-0865 — CVSS 5.0 (medium): Unspecified vulnerability in BEA WebLogic Portal 8.1 through SP6 allows remote attackers to bypass entitlements for instances of a…
CVE-2005-1745 — CVSS 4.6 (medium): The UserLogin control in BEA WebLogic Portal 8.1 through Service Pack 3 prints the password to standard output when an incorrect login…
CVE-2007-0423 — CVSS 4.4 (medium): BEA WebLogic Portal 9.2 does not properly handle when an administrator deletes entitlements for a role, which causes other role…
CVE-2008-0868 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Groupspace in BEA WebLogic Portal 10.0 and 9.2 through Maintenance Pack 1 allows remote…
CVE-2007-2703 — CVSS 3.6 (low): BEA WebLogic Portal 9.2 GA can corrupt a visitor entitlements role if an administrator provides a long role description, which might allow…
CVE-2007-2702 — CVSS 3.5 (low): Cross-site scripting (XSS) vulnerability in the GroupSpace application in BEA WebLogic Portal 9.2 GA allows remote authenticated users to…