CVSS: 4.6EPSS: 0%CPEs: 37EXPL: 0CVE-2004-1758
https://notcve.org/view.php?id=CVE-2004-1758
BEA WebLogic Server and WebLogic Express version 8.1 up to SP2, 7.0 up to SP4, and 6.1 up to SP6 may store the database username and password for an untargeted JDBC connection pool in plaintext in config.xml, which allows local users to gain privileges. • http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_53.00.jsp http://secunia.com/advisories/11357 http://securitytracker.com/id?1009764 http://www.kb.cert.org/vuls/id/920238 http://www.osvdb.org/5297 http://www.securityfocus.com/bid/10131 https://exchange.xforce.ibmcloud.com/vulnerabilities/15860 •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0CVE-2003-1438
https://notcve.org/view.php?id=CVE-2003-1438
Race condition in BEA WebLogic Server and Express 5.1 through 7.0.0.1, when using in-memory session replication or replicated stateful session beans, causes the same buffer to be provided to two users, which could allow one user to see session data that was intended for another user. • http://dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-26.01.jsp http://www.securityfocus.com/bid/6717 http://www.securitytracker.com/id?1006018 https://exchange.xforce.ibmcloud.com/vulnerabilities/11221 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 4.6EPSS: 0%CPEs: 7EXPL: 0CVE-2003-1093
https://notcve.org/view.php?id=CVE-2003-1093
BEA WebLogic Server 6.1, 7.0 and 7.0.0.1, when routing messages to a JMS target domain that is inaccessible, may leak the user's password when it throws a ResourceAllocationException. • http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-24.jsp http://www.kb.cert.org/vuls/id/331937 http://www.securityfocus.com/bid/6586 https://exchange.xforce.ibmcloud.com/vulnerabilities/11057 •
CVSS: 5.0EPSS: 0%CPEs: 42EXPL: 0CVE-2003-1220
https://notcve.org/view.php?id=CVE-2003-1220
BEA WebLogic Server proxy plugin for BEA Weblogic Express and Server 6.1 through 8.1 SP 1 allows remote attackers to cause a denial of service (proxy plugin crash) via a malformed URL. • http://dev2dev.bea.com/pub/advisory/25 http://www.securityfocus.com/bid/9034 •
CVSS: 5.0EPSS: 1%CPEs: 58EXPL: 0CVE-2003-1290
https://notcve.org/view.php?id=CVE-2003-1290
BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, with RMI and anonymous admin lookup enabled, allows remote attackers to obtain configuration information by accessing MBeanHome via the Java Naming and Directory Interface (JNDI). • http://dev2dev.bea.com/pub/advisory/162 http://secunia.com/advisories/10218 http://secunia.com/advisories/18396 http://www.osvdb.org/3064 http://www.securityfocus.com/bid/16215 http://www.securityfocus.com/bid/9034 https://exchange.xforce.ibmcloud.com/vulnerabilities/13752 •