CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 0CVE-2007-0417
https://notcve.org/view.php?id=CVE-2007-0417
BEA WebLogic Server 7.0 through 7.0 SP7, 8.1 through 8.1 SP5, 9.0, and 9.1, when using the WebLogic Server 6.1 compatibility realm, allows attackers to execute certain EJB container persistence operations with an administrative identity. BEA WebLogic Server 7.0 hasta 7.0 SP7, 8.1 hasta 8.1 SP5, 9.0, y 9.1, cuando se usa el dominio de compatibilidad con WebLogic Server 6.1, permite a los atacantes ejecutar determinadas operaciones de persistencia de contenedores EJB con una identidad administrativa. • http://dev2dev.bea.com/pub/advisory/211 http://osvdb.org/38511 http://secunia.com/advisories/23750 http://securitytracker.com/id?1017525 http://www.securityfocus.com/bid/22082 http://www.vupen.com/english/advisories/2007/0213 •
CVSS: 7.5EPSS: 0%CPEs: 19EXPL: 0CVE-2006-2469
https://notcve.org/view.php?id=CVE-2006-2469
The HTTP handlers in BEA WebLogic Server 9.0, 8.1 up to SP5, 7.0 up to SP6, and 6.1 up to SP7 stores the username and password in cleartext in the WebLogic Server log when access to a web application or protected JWS fails, which allows attackers to gain privileges. • http://dev2dev.bea.com/pub/advisory/189 http://secunia.com/advisories/20130 http://securitytracker.com/id?1016098 http://www.vupen.com/english/advisories/2006/1828 https://exchange.xforce.ibmcloud.com/vulnerabilities/26463 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2006-2470
https://notcve.org/view.php?id=CVE-2006-2470
Unspecified vulnerability in the WebLogic Server Administration Console for BEA WebLogic Server 9.0 prevents the console from setting custom JDBC security policies correctly, which could allow attackers to bypass intended policies. • http://dev2dev.bea.com/pub/advisory/188 http://secunia.com/advisories/20130 http://www.vupen.com/english/advisories/2006/1828 https://exchange.xforce.ibmcloud.com/vulnerabilities/26464 •
CVSS: 4.9EPSS: 0%CPEs: 44EXPL: 0CVE-2006-2472
https://notcve.org/view.php?id=CVE-2006-2472
Unspecified vulnerability in BEA WebLogic Server 9.1 and 9.0, 8.1 through SP5, 7.0 through SP6, and 6.1 through SP7 allows untrusted applications to obtain private server keys. • http://dev2dev.bea.com/pub/advisory/186 http://secunia.com/advisories/20130 http://securitytracker.com/id?1016095 http://www.vupen.com/english/advisories/2006/1828 https://exchange.xforce.ibmcloud.com/vulnerabilities/26466 •
CVSS: 2.1EPSS: 0%CPEs: 2EXPL: 0CVE-2006-0429
https://notcve.org/view.php?id=CVE-2006-0429
BEA WebLogic Server and WebLogic Express 9.0 causes new security providers to appear active even if they have not been activated by a server reboot, which could cause an administrator to perform inappropriate, security-relevant actions. • http://dev2dev.bea.com/pub/advisory/173 http://secunia.com/advisories/18592 http://securitytracker.com/id?1015528 http://www.osvdb.org/22773 http://www.securityfocus.com/bid/16358 http://www.vupen.com/english/advisories/2006/0313 https://exchange.xforce.ibmcloud.com/vulnerabilities/24298 •