CVSS: 7.5EPSS: 2%CPEs: 4EXPL: 0CVE-2006-0423
https://notcve.org/view.php?id=CVE-2006-0423
BEA WebLogic Portal 8.1 through SP3 stores the password for the RDBMS Authentication provider in cleartext in the config.xml file, which allows attackers to gain privileges. • http://dev2dev.bea.com/pub/advisory/167 http://dev2dev.bea.com/pub/advisory/262 http://secunia.com/advisories/18593 http://securitytracker.com/id?1015528 http://www.securityfocus.com/bid/16358 http://www.vupen.com/english/advisories/2006/0312 http://www.vupen.com/english/advisories/2008/0613 https://exchange.xforce.ibmcloud.com/vulnerabilities/24284 https://exchange.xforce.ibmcloud.com/vulnerabilities/40705 •
CVSS: 5.0EPSS: 0%CPEs: 5EXPL: 0CVE-2005-2680
https://notcve.org/view.php?id=CVE-2005-2680
Unspecified vulnerability in BEA WebLogic Portal 8.1 through SP4, when using entitlements, allows remote attackers to bypass access restrictions for the pages of a Book via crafted URLs. • http://dev2dev.bea.com/pub/advisory/137 •