
CVSS: 2.1 | EPSS: 0% | CPEs: 4 | EXPL: 0

BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1 through SP2 do not enforce site restrictions for starting and stopping servers for users in the Admin and Operator security roles, which allows unauthorized users to cause a denial of service (service shutdown).
• http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_60.00.jsp
• http://secunia.com/advisories/11594
• http://securitytracker.com/id?1010129
• http://www.osvdb.org/6077
• http://www.securityfocus.com/bid/10327
• https://exchange.xforce.ibmcloud.com/vulnerabilities/16121

CVSS: 5.0 | EPSS: 1% | CPEs: 20 | EXPL: 0

BEA WebLogic Server and WebLogic Express 8.1 SP2 and earlier, and 7.0 SP4 and earlier, when using 2-way SSL with a custom trust manager, may accept a certificate chain even if the trust manager rejects it, which allows remote attackers to spoof other users or servers.
• http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_54.00.jsp
• http://secunia.com/advisories/11358
• http://securitytracker.com/id?1009765
• http://www.kb.cert.org/vuls/id/566390
• http://www.securityfocus.com/bid/10132
• https://exchange.xforce.ibmcloud.com/vulnerabilities/15862

CVSS: 4.6 | EPSS: 0% | CPEs: 37 | EXPL: 0

BEA WebLogic Server and WebLogic Express version 8.1 up to SP2, 7.0 up to SP4, and 6.1 up to SP6 may store the database username and password for an untargeted JDBC connection pool in plaintext in config.xml, which allows local users to gain privileges.
• http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_53.00.jsp
• http://secunia.com/advisories/11357
• http://securitytracker.com/id?1009764
• http://www.kb.cert.org/vuls/id/920238
• http://www.osvdb.org/5297
• http://www.securityfocus.com/bid/10131
• https://exchange.xforce.ibmcloud.com/vulnerabilities/15860

CVSS: 2.1 | EPSS: 0% | CPEs: 18 | EXPL: 0

BEA WebLogic Server and Express 7.0 and 7.0.0.1 store certain secrets concerning password encryption insecurely in config.xml, filerealm.properties, and weblogic-rar.xml, which allows local users to learn those secrets and decrypt passwords.
• http://dev2dev.bea.com/pub/advisory/22
• http://www.securityfocus.com/bid/7563
• http://www.securityfocus.com/bid/7587

CVSS: 2.1 | EPSS: 0% | CPEs: 19 | EXPL: 0

The default CredentialMapper for BEA WebLogic Server and Express 7.0 and 7.0.0.1 stores passwords in cleartext on disk, which allows local users to extract passwords.
• http://dev2dev.bea.com/pub/advisory/22
• http://www.securityfocus.com/bid/7563