Page 6 of 36 results (0.007 seconds)

CVSS: 7.5EPSS: 2%CPEs: 3EXPL: 0

Unspecified vulnerability in BEA WebLogic Portal 8.1 SP3 through SP5, when using Web Services Remote Portlets (WSRP), allows remote attackers to access restricted web resources via crafted URLs. • http://dev2dev.bea.com/pub/advisory/172 http://secunia.com/advisories/18593 http://securitytracker.com/id?1015528 http://www.osvdb.org/22767 http://www.securityfocus.com/bid/16358 http://www.vupen.com/english/advisories/2006/0312 https://exchange.xforce.ibmcloud.com/vulnerabilities/24293 •

CVSS: 5.0EPSS: 1%CPEs: 4EXPL: 0

BEA WebLogic Portal 8.1 through SP4 allows remote attackers to obtain the source for a deployment descriptor file via unknown vectors. • http://dev2dev.bea.com/pub/advisory/169 http://secunia.com/advisories/18593 http://securitytracker.com/id?1015528 http://www.securityfocus.com/bid/16358 http://www.vupen.com/english/advisories/2006/0312 https://exchange.xforce.ibmcloud.com/vulnerabilities/24297 •

CVSS: 7.5EPSS: 2%CPEs: 4EXPL: 0

BEA WebLogic Portal 8.1 through SP3 stores the password for the RDBMS Authentication provider in cleartext in the config.xml file, which allows attackers to gain privileges. • http://dev2dev.bea.com/pub/advisory/167 http://dev2dev.bea.com/pub/advisory/262 http://secunia.com/advisories/18593 http://securitytracker.com/id?1015528 http://www.securityfocus.com/bid/16358 http://www.vupen.com/english/advisories/2006/0312 http://www.vupen.com/english/advisories/2008/0613 https://exchange.xforce.ibmcloud.com/vulnerabilities/24284 https://exchange.xforce.ibmcloud.com/vulnerabilities/40705 •

CVSS: 5.0EPSS: 0%CPEs: 5EXPL: 0

Unspecified vulnerability in BEA WebLogic Portal 8.1 through SP4, when using entitlements, allows remote attackers to bypass access restrictions for the pages of a Book via crafted URLs. • http://dev2dev.bea.com/pub/advisory/137 •

CVSS: 5.0EPSS: 0%CPEs: 76EXPL: 0

The cluster cookie parsing code in BEA WebLogic Server 7.0 through Service Pack 5 attempts to contact any host or port specified in a cookie, even when it is not in the cluster, which allows remote attackers to cause a denial of service (cluster slowdown) via modified cookies. • http://dev2dev.bea.com/pub/advisory/129 http://secunia.com/advisories/15486 http://securitytracker.com/id?1014049 http://www.securityfocus.com/bid/13717 http://www.vupen.com/english/advisories/2005/0606 •