Page 25 of 152 results (0.001 seconds)

CVSS: 5.0EPSS: 0%CPEs: 42EXPL: 0

BEA WebLogic Server proxy plugin for BEA Weblogic Express and Server 6.1 through 8.1 SP 1 allows remote attackers to cause a denial of service (proxy plugin crash) via a malformed URL. • http://dev2dev.bea.com/pub/advisory/25 http://www.securityfocus.com/bid/9034 •

CVSS: 2.1EPSS: 0%CPEs: 34EXPL: 0

BEA WebLogic Express and WebLogic Server 7.0 and 7.0.0.1, stores passwords in plaintext when a keystore is used to store a private key or trust certificate authorities, which allows local users to gain access. • http://dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-25.jsp http://www.securityfocus.com/bid/6719 https://exchange.xforce.ibmcloud.com/vulnerabilities/11220 •

CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0

BEA WebLogic Server and Express version 7.0 SP3 may follow certain code execution paths that result in an incorrect current user, such as in the frequent use of JNDI initial contexts, which could allow remote authenticated users to gain privileges. • http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-35.jsp http://www.kb.cert.org/vuls/id/999788 http://www.securityfocus.com/bid/8320 https://exchange.xforce.ibmcloud.com/vulnerabilities/12799 •

CVSS: 2.1EPSS: 0%CPEs: 19EXPL: 0

The default CredentialMapper for BEA WebLogic Server and Express 7.0 and 7.0.0.1 stores passwords in cleartext on disk, which allows local users to extract passwords. • http://dev2dev.bea.com/pub/advisory/22 http://www.securityfocus.com/bid/7563 •

CVSS: 5.0EPSS: 1%CPEs: 58EXPL: 0

BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, with RMI and anonymous admin lookup enabled, allows remote attackers to obtain configuration information by accessing MBeanHome via the Java Naming and Directory Interface (JNDI). • http://dev2dev.bea.com/pub/advisory/162 http://secunia.com/advisories/10218 http://secunia.com/advisories/18396 http://www.osvdb.org/3064 http://www.securityfocus.com/bid/16215 http://www.securityfocus.com/bid/9034 https://exchange.xforce.ibmcloud.com/vulnerabilities/13752 •