CVSS: 9.8EPSS: 2%CPEs: 24EXPL: 0CVE-2004-0715
https://notcve.org/view.php?id=CVE-2004-0715
21 Jul 2004 — The WebLogic Authentication provider for BEA WebLogic Server and WebLogic Express 8.1 through SP2 and 7.0 through SP4 does not properly clear member relationships when a group is deleted, which can cause a new group with the same name to have the members of the old group, which allows group members to gain privileges. El proveedor de Autenticación WebLogic en BEA WebLogic Server y WebLogic Express 8.1 hasta SP2 y 7.0 hasta SP4 no elimina relaciones entre miembros cuando se borra un grupo, lo que puede causa... • http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_52.01.jsp •
CVSS: 9.1EPSS: 0%CPEs: 37EXPL: 0CVE-2004-0652
https://notcve.org/view.php?id=CVE-2004-0652
13 Jul 2004 — BEA WebLogic Server and WebLogic Express 7.0 through 7.0 Service Pack 4, and 8.1 through 8.1 Service Pack 2, allows attackers to obtain the username and password for booting the server by directly accessing certain internal methods. BEA WebLogic Server y WebLogic Express 7.0 a 7.0 Service Pack 4, y 8.1 a 8.1 Service Pack 2 permiten a atacantes obtener el nombre de usuario y contraseña para arrancar el servidor accediendo directamente a ciertos métodos internos. • http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_55.00.jsp •
CVSS: 9.1EPSS: 2%CPEs: 4EXPL: 0CVE-2004-0470
https://notcve.org/view.php?id=CVE-2004-0470
20 May 2004 — BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1 through SP2, when editing weblogic.xml using WebLogic Builder or the SecurityRoleAssignmentMBean.toXML method, inadvertently removes security-role-assignment tags when weblogic.xml does not have a principal-name tag, which can remove intended access restrictions for the associated web application. BEA WebLogic Server y WebLocic Express 7.0 hasta SP5 y 8.1 hasta SP2, cuando se edita weblogic.xml usando WebLocic Builder o el método SecurityRoleA... • http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_59.00.jsp •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2004-0471
https://notcve.org/view.php?id=CVE-2004-0471
20 May 2004 — BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1 through SP2 does not enforce site restrictions for starting and stopping servers for users in the Admin and Operator security roles, which allows unauthorized users to cause a denial of service (service shutdown). BEA WebLogic Server y WebLocic Express 7.0 hasta SP5 y 8.1 hasta SP2 no hace cumplir las restricciones de sitio para iniciar y parar servidores a usuarios en los papeles de seguridad Admin y Operator, lo que permite a usuarios no aut... • http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_60.00.jsp •
CVSS: 7.5EPSS: 1%CPEs: 20EXPL: 0CVE-2004-1756
https://notcve.org/view.php?id=CVE-2004-1756
13 Apr 2004 — BEA WebLogic Server and WebLogic Express 8.1 SP2 and earlier, and 7.0 SP4 and earlier, when using 2-way SSL with a custom trust manager, may accept a certificate chain even if the trust manager rejects it, which allows remote attackers to spoof other users or servers. • http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_54.00.jsp •
CVSS: 7.8EPSS: 0%CPEs: 37EXPL: 0CVE-2004-1758
https://notcve.org/view.php?id=CVE-2004-1758
13 Apr 2004 — BEA WebLogic Server and WebLogic Express version 8.1 up to SP2, 7.0 up to SP4, and 6.1 up to SP6 may store the database username and password for an untargeted JDBC connection pool in plaintext in config.xml, which allows local users to gain privileges. • http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_53.00.jsp •
CVSS: 9.1EPSS: 0%CPEs: 7EXPL: 0CVE-2003-1093
https://notcve.org/view.php?id=CVE-2003-1093
31 Dec 2003 — BEA WebLogic Server 6.1, 7.0 and 7.0.0.1, when routing messages to a JMS target domain that is inaccessible, may leak the user's password when it throws a ResourceAllocationException. • http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-24.jsp •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2003-1094
https://notcve.org/view.php?id=CVE-2003-1094
31 Dec 2003 — BEA WebLogic Server and Express version 7.0 SP3 may follow certain code execution paths that result in an incorrect current user, such as in the frequent use of JNDI initial contexts, which could allow remote authenticated users to gain privileges. • http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-35.jsp •
CVSS: 7.5EPSS: 0%CPEs: 42EXPL: 0CVE-2003-1220
https://notcve.org/view.php?id=CVE-2003-1220
31 Dec 2003 — BEA WebLogic Server proxy plugin for BEA Weblogic Express and Server 6.1 through 8.1 SP 1 allows remote attackers to cause a denial of service (proxy plugin crash) via a malformed URL. • http://dev2dev.bea.com/pub/advisory/25 •
CVSS: 9.1EPSS: 0%CPEs: 26EXPL: 0CVE-2003-1221
https://notcve.org/view.php?id=CVE-2003-1221
31 Dec 2003 — BEA WebLogic Express and Server 7.0 through 8.1 SP 1, under certain circumstances when a request to use T3 over SSL (t3s) is made to the insecure T3 port, may use a non-SSL connection for the communication, which could allow attackers to sniff sessions. • http://dev2dev.bea.com/pub/advisory/32 •