Page 11 of 80 results (0.004 seconds)

CVSS: 4.6EPSS: 0%CPEs: 76EXPL: 0

The UserLogin control in BEA WebLogic Portal 8.1 through Service Pack 3 prints the password to standard output when an incorrect login attempt is made, which could make it easier for attackers to guess the correct password. • http://dev2dev.bea.com/pub/advisory/128 http://secunia.com/advisories/15486 http://securitytracker.com/id?1014049 http://www.securityfocus.com/bid/13717 http://www.vupen.com/english/advisories/2005/0605 •

CVSS: 4.6EPSS: 0%CPEs: 46EXPL: 0

BEA WebLogic Server and Express 8.1, SP1 and earlier, stores the administrator password in cleartext in config.xml, which allows local users to gain privileges. • http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_50.00.jsp http://secunia.com/advisories/10728 http://www.kb.cert.org/vuls/id/350350 http://www.securityfocus.com/bid/9501 https://exchange.xforce.ibmcloud.com/vulnerabilities/14957 •

CVSS: 5.8EPSS: 0%CPEs: 85EXPL: 0

The default configuration of BEA WebLogic Server and Express 8.1 SP2 and earlier, 7.0 SP4 and earlier, 6.1 through SP6, and 5.1 through SP13 responds to the HTTP TRACE request, which can allow remote attackers to steal information using cross-site tracing (XST) attacks in applications that are vulnerable to cross-site scripting. • http://dev2dev.bea.com/pub/advisory/68 http://secunia.com/advisories/10726 http://www.kb.cert.org/vuls/id/867593 http://www.osvdb.org/3726 http://www.securityfocus.com/bid/9506 http://www.securitytracker.com/alerts/2004/Jan/1008866.html https://exchange.xforce.ibmcloud.com/vulnerabilities/14959 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.5EPSS: 0%CPEs: 61EXPL: 0

BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, when using Remote Method Invocation (RMI) over Internet Inter-ORB Protocol (IIOP), does not properly handle when multiple logins for different users coming from the same client, which could cause an "unexpected user identity" to be used in an RMI call. • http://dev2dev.bea.com/pub/advisory/59 http://secunia.com/advisories/11865 http://securitytracker.com/id?1010493 http://www.osvdb.org/7081 http://www.securityfocus.com/bid/10545 https://exchange.xforce.ibmcloud.com/vulnerabilities/16421 • CWE-255: Credentials Management Errors •

CVSS: 6.4EPSS: 1%CPEs: 44EXPL: 0

The remove method in a stateful Enterprise JavaBean (EJB) in BEA WebLogic Server and WebLogic Express version 8.1 through SP2, 7.0 through SP4, and 6.1 through SP6, does not properly check EJB permissions before unexporting a bean, which allows remote authenticated users to remove EJB objects from remote views before the security exception is thrown. El método remove en una Enterprise JavaBean (EJB) con estado en BEA WebLogic Server y WebLogic Express version 8.1 hasta SP2, 7.0 hasta SP4, y 6.1 a SP6, no comprueba adecuadamente permisos EJB antes de dejar de exportar una habichuela (bean), lo que permite a usuarios remotos autenticados eliminar objetos EJB de vistas remotas antes de que se lance la excepción de seguridad. • http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_57.00.jsp http://www.kb.cert.org/vuls/id/658878 http://www.securityfocus.com/bid/10185 https://exchange.xforce.ibmcloud.com/vulnerabilities/15928 •