CVSS: 2.1EPSS: 0%CPEs: 18EXPL: 0CVE-2003-1226
https://notcve.org/view.php?id=CVE-2003-1226
BEA WebLogic Server and Express 7.0 and 7.0.0.1 stores certain secrets concerning password encryption insecurely in config.xml, filerealm.properties, and weblogic-rar.xml, which allows local users to learn those secrets and decrypt passwords. • http://dev2dev.bea.com/pub/advisory/22 http://www.securityfocus.com/bid/7563 http://www.securityfocus.com/bid/7587 •
CVSS: 5.0EPSS: 0%CPEs: 26EXPL: 0CVE-2003-1221
https://notcve.org/view.php?id=CVE-2003-1221
BEA WebLogic Express and Server 7.0 through 8.1 SP 1, under certain circumstances when a request to use T3 over SSL (t3s) is made to the insecure T3 port, may use a non-SSL connection for the communication, which could allow attackers to sniff sessions. • http://dev2dev.bea.com/pub/advisory/32 http://www.securityfocus.com/bid/9034 •
CVSS: 2.1EPSS: 0%CPEs: 22EXPL: 0CVE-2003-1224
https://notcve.org/view.php?id=CVE-2003-1224
Weblogic.admin for BEA WebLogic Server and Express 7.0 and 7.0.0.1 displays the JDBCConnectionPoolRuntimeMBean password to the screen in cleartext, which allows attackers to read a user's password by physically observing ("shoulder surfing") the screen. • http://dev2dev.bea.com/pub/advisory/22 http://www.securityfocus.com/bid/7563 •
CVSS: 5.0EPSS: 0%CPEs: 44EXPL: 0CVE-2003-1223
https://notcve.org/view.php?id=CVE-2003-1223
The Node Manager for BEA WebLogic Express and Server 6.1 through 8.1 SP 1 allows remote attackers to cause a denial of service (Node Manager crash) via malformed data to the Node Manager's port, as demonstrated by nmap. • http://dev2dev.bea.com/pub/advisory/48 http://www.securityfocus.com/bid/9034 •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 2CVE-2003-0624 – BEA WebLogic 6/7/8 - InteractiveQuery.jsp Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2003-0624
Cross-site scripting (XSS) vulnerability in InteractiveQuery.jsp for BEA WebLogic 8.1 and earlier allows remote attackers to inject malicious web script via the person parameter. Vulnerabilidad de scripts en sitios cruzados en Interactive.jsp de BEA WebLogic 8.1 y anteriores permite a atacantes remotos inyectar script web malicioso mediante el parámetro person. • https://www.exploit-db.com/exploits/23315 http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/SA_BEA03_36.00.jsp http://marc.info/?l=bugtraq&m=106761926906781&w=2 http://www.securityfocus.com/bid/8938 https://exchange.xforce.ibmcloud.com/vulnerabilities/13568 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •