CVSS: 2.1EPSS: 0%CPEs: 34EXPL: 0CVE-2003-1437
https://notcve.org/view.php?id=CVE-2003-1437
BEA WebLogic Express and WebLogic Server 7.0 and 7.0.0.1, stores passwords in plaintext when a keystore is used to store a private key or trust certificate authorities, which allows local users to gain access. • http://dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-25.jsp http://www.securityfocus.com/bid/6719 https://exchange.xforce.ibmcloud.com/vulnerabilities/11220 •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2003-1094
https://notcve.org/view.php?id=CVE-2003-1094
BEA WebLogic Server and Express version 7.0 SP3 may follow certain code execution paths that result in an incorrect current user, such as in the frequent use of JNDI initial contexts, which could allow remote authenticated users to gain privileges. • http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-35.jsp http://www.kb.cert.org/vuls/id/999788 http://www.securityfocus.com/bid/8320 https://exchange.xforce.ibmcloud.com/vulnerabilities/12799 •
CVSS: 2.1EPSS: 0%CPEs: 19EXPL: 0CVE-2003-1225
https://notcve.org/view.php?id=CVE-2003-1225
The default CredentialMapper for BEA WebLogic Server and Express 7.0 and 7.0.0.1 stores passwords in cleartext on disk, which allows local users to extract passwords. • http://dev2dev.bea.com/pub/advisory/22 http://www.securityfocus.com/bid/7563 •
CVSS: 5.0EPSS: 1%CPEs: 58EXPL: 0CVE-2003-1290
https://notcve.org/view.php?id=CVE-2003-1290
BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, with RMI and anonymous admin lookup enabled, allows remote attackers to obtain configuration information by accessing MBeanHome via the Java Naming and Directory Interface (JNDI). • http://dev2dev.bea.com/pub/advisory/162 http://secunia.com/advisories/10218 http://secunia.com/advisories/18396 http://www.osvdb.org/3064 http://www.securityfocus.com/bid/16215 http://www.securityfocus.com/bid/9034 https://exchange.xforce.ibmcloud.com/vulnerabilities/13752 •
CVSS: 2.1EPSS: 0%CPEs: 18EXPL: 0CVE-2003-1226
https://notcve.org/view.php?id=CVE-2003-1226
BEA WebLogic Server and Express 7.0 and 7.0.0.1 stores certain secrets concerning password encryption insecurely in config.xml, filerealm.properties, and weblogic-rar.xml, which allows local users to learn those secrets and decrypt passwords. • http://dev2dev.bea.com/pub/advisory/22 http://www.securityfocus.com/bid/7563 http://www.securityfocus.com/bid/7587 •