CVSS: 5.0EPSS: 0%CPEs: 26EXPL: 0CVE-2003-1221
https://notcve.org/view.php?id=CVE-2003-1221
BEA WebLogic Express and Server 7.0 through 8.1 SP 1, under certain circumstances when a request to use T3 over SSL (t3s) is made to the insecure T3 port, may use a non-SSL connection for the communication, which could allow attackers to sniff sessions. • http://dev2dev.bea.com/pub/advisory/32 http://www.securityfocus.com/bid/9034 •
CVSS: 2.1EPSS: 0%CPEs: 22EXPL: 0CVE-2003-1224
https://notcve.org/view.php?id=CVE-2003-1224
Weblogic.admin for BEA WebLogic Server and Express 7.0 and 7.0.0.1 displays the JDBCConnectionPoolRuntimeMBean password to the screen in cleartext, which allows attackers to read a user's password by physically observing ("shoulder surfing") the screen. • http://dev2dev.bea.com/pub/advisory/22 http://www.securityfocus.com/bid/7563 •
CVSS: 5.0EPSS: 0%CPEs: 44EXPL: 0CVE-2003-1223
https://notcve.org/view.php?id=CVE-2003-1223
The Node Manager for BEA WebLogic Express and Server 6.1 through 8.1 SP 1 allows remote attackers to cause a denial of service (Node Manager crash) via malformed data to the Node Manager's port, as demonstrated by nmap. • http://dev2dev.bea.com/pub/advisory/48 http://www.securityfocus.com/bid/9034 •
CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 0CVE-2003-1222
https://notcve.org/view.php?id=CVE-2003-1222
BEA Weblogic Express and Server 8.0 through 8.1 SP 1, when using a foreign Java Message Service (JMS) provider, echoes the password for the foreign provider to the console and stores it in cleartext in config.xml, which could allow attackers to obtain the password. • http://dev2dev.bea.com/pub/advisory/63 http://www.securityfocus.com/bid/9034 •
CVSS: 4.3EPSS: 0%CPEs: 9EXPL: 1CVE-2003-0623
https://notcve.org/view.php?id=CVE-2003-0623
Cross-site scripting (XSS) vulnerability in the Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to inject arbitrary web script via the INIFILE argument. Vulnerabilidad de scripts en sitios cruzados en la consola de adminstración de BEA Tuxedo 8.1 y anteriores permite a atacantes remotos inyectar script web arbitrario mediante una argumento INFILE. • http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/advisory03_38_00.jsp http://marc.info/?l=bugtraq&m=106762000607681&w=2 http://www.securityfocus.com/bid/8931 https://exchange.xforce.ibmcloud.com/vulnerabilities/13561 •