
CVSS: 6.8 | EPSS: 0% | CPEs: 56 | EXPL: 0

BEA Tuxedo 8.0 before RP392 and 8.1 before RP293, and WebLogic Enterprise 5.1 before RP174, echo the password in cleartext, which allows physically proximate attackers to obtain sensitive information via the (1) cnsbind, (2) cnsunbind, or (3) cnsls commands. • http://dev2dev.bea.com/pub/advisory/226 http://osvdb.org/45478 http://www.vupen.com/english/advisories/2007/1813 https://exchange.xforce.ibmcloud.com/vulnerabilities/34290 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 5.0 | EPSS: 1% | CPEs: 6 | EXPL: 0

Unspecified vulnerability in BEA WebLogic Portal 8.1 up to SP5 causes a JSR-168 Portlet to be retrieved from the cache for the wrong session, which might allow one user to see a Portlet of another user. • ftp://ftpna.beasys.com/pub/releases/security/patch_CR259534_81SP5.zip http://dev2dev.bea.com/pub/advisory/182 http://secunia.com/advisories/19308 http://securitytracker.com/id?1015791 http://www.securityfocus.com/bid/17164 http://www.vupen.com/english/advisories/2006/1022 https://exchange.xforce.ibmcloud.com/vulnerabilities/25345

CVSS: 7.5 | EPSS: 2% | CPEs: 3 | EXPL: 0

Unspecified vulnerability in BEA WebLogic Portal 8.1 SP3 through SP5, when using Web Services Remote Portlets (WSRP), allows remote attackers to access restricted web resources via crafted URLs. • http://dev2dev.bea.com/pub/advisory/172 http://secunia.com/advisories/18593 http://securitytracker.com/id?1015528 http://www.osvdb.org/22767 http://www.securityfocus.com/bid/16358 http://www.vupen.com/english/advisories/2006/0312 https://exchange.xforce.ibmcloud.com/vulnerabilities/24293

CVSS: 5.0 | EPSS: 1% | CPEs: 4 | EXPL: 0

BEA WebLogic Portal 8.1 through SP4 allows remote attackers to obtain the source for a deployment descriptor file via unknown vectors. • http://dev2dev.bea.com/pub/advisory/169 http://secunia.com/advisories/18593 http://securitytracker.com/id?1015528 http://www.securityfocus.com/bid/16358 http://www.vupen.com/english/advisories/2006/0312 https://exchange.xforce.ibmcloud.com/vulnerabilities/24297

CVSS: 7.5 | EPSS: 2% | CPEs: 4 | EXPL: 0

BEA WebLogic Portal 8.1 through SP3 stores the password for the RDBMS Authentication provider in cleartext in the config.xml file, which allows attackers to gain privileges. • http://dev2dev.bea.com/pub/advisory/167 http://dev2dev.bea.com/pub/advisory/262 http://secunia.com/advisories/18593 http://securitytracker.com/id?1015528 http://www.securityfocus.com/bid/16358 http://www.vupen.com/english/advisories/2006/0312 http://www.vupen.com/english/advisories/2008/0613 https://exchange.xforce.ibmcloud.com/vulnerabilities/24284 https://exchange.xforce.ibmcloud.com/vulnerabilities/40705