CVSS: 4.6EPSS: 0%CPEs: 76EXPL: 0CVE-2005-1745
https://notcve.org/view.php?id=CVE-2005-1745
The UserLogin control in BEA WebLogic Portal 8.1 through Service Pack 3 prints the password to standard output when an incorrect login attempt is made, which could make it easier for attackers to guess the correct password. • http://dev2dev.bea.com/pub/advisory/128 http://secunia.com/advisories/15486 http://securitytracker.com/id?1014049 http://www.securityfocus.com/bid/13717 http://www.vupen.com/english/advisories/2005/0605 •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2005-0432
https://notcve.org/view.php?id=CVE-2005-0432
BEA WebLogic Server 7.0 Service Pack 5 and earlier, and 8.1 Service Pack 3 and earlier, generates different login exceptions that suggest why an authentication attempt fails, which makes it easier for remote attackers to guess passwords via brute force attacks. • http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA05-74.00.jsp http://secunia.com/advisories/14298 •
CVSS: 4.6EPSS: 0%CPEs: 46EXPL: 0CVE-2004-1757
https://notcve.org/view.php?id=CVE-2004-1757
BEA WebLogic Server and Express 8.1, SP1 and earlier, stores the administrator password in cleartext in config.xml, which allows local users to gain privileges. • http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_50.00.jsp http://secunia.com/advisories/10728 http://www.kb.cert.org/vuls/id/350350 http://www.securityfocus.com/bid/9501 https://exchange.xforce.ibmcloud.com/vulnerabilities/14957 •
CVSS: 5.8EPSS: 0%CPEs: 85EXPL: 0CVE-2004-2320
https://notcve.org/view.php?id=CVE-2004-2320
The default configuration of BEA WebLogic Server and Express 8.1 SP2 and earlier, 7.0 SP4 and earlier, 6.1 through SP6, and 5.1 through SP13 responds to the HTTP TRACE request, which can allow remote attackers to steal information using cross-site tracing (XST) attacks in applications that are vulnerable to cross-site scripting. • http://dev2dev.bea.com/pub/advisory/68 http://secunia.com/advisories/10726 http://www.kb.cert.org/vuls/id/867593 http://www.osvdb.org/3726 http://www.securityfocus.com/bid/9506 http://www.securitytracker.com/alerts/2004/Jan/1008866.html https://exchange.xforce.ibmcloud.com/vulnerabilities/14959 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 61EXPL: 0CVE-2004-2696
https://notcve.org/view.php?id=CVE-2004-2696
BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, when using Remote Method Invocation (RMI) over Internet Inter-ORB Protocol (IIOP), does not properly handle when multiple logins for different users coming from the same client, which could cause an "unexpected user identity" to be used in an RMI call. • http://dev2dev.bea.com/pub/advisory/59 http://secunia.com/advisories/11865 http://securitytracker.com/id?1010493 http://www.osvdb.org/7081 http://www.securityfocus.com/bid/10545 https://exchange.xforce.ibmcloud.com/vulnerabilities/16421 • CWE-255: Credentials Management Errors •