CVSS: 7.8EPSS: 0%CPEs: 37EXPL: 0CVE-2004-1758
https://notcve.org/view.php?id=CVE-2004-1758
13 Apr 2004 — BEA WebLogic Server and WebLogic Express version 8.1 up to SP2, 7.0 up to SP4, and 6.1 up to SP6 may store the database username and password for an untargeted JDBC connection pool in plaintext in config.xml, which allows local users to gain privileges. • http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_53.00.jsp •
CVSS: 9.1EPSS: 0%CPEs: 7EXPL: 0CVE-2003-1093
https://notcve.org/view.php?id=CVE-2003-1093
31 Dec 2003 — BEA WebLogic Server 6.1, 7.0 and 7.0.0.1, when routing messages to a JMS target domain that is inaccessible, may leak the user's password when it throws a ResourceAllocationException. • http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-24.jsp •
CVSS: 7.5EPSS: 0%CPEs: 42EXPL: 0CVE-2003-1220
https://notcve.org/view.php?id=CVE-2003-1220
31 Dec 2003 — BEA WebLogic Server proxy plugin for BEA Weblogic Express and Server 6.1 through 8.1 SP 1 allows remote attackers to cause a denial of service (proxy plugin crash) via a malformed URL. • http://dev2dev.bea.com/pub/advisory/25 •
CVSS: 9.1EPSS: 0%CPEs: 26EXPL: 0CVE-2003-1221
https://notcve.org/view.php?id=CVE-2003-1221
31 Dec 2003 — BEA WebLogic Express and Server 7.0 through 8.1 SP 1, under certain circumstances when a request to use T3 over SSL (t3s) is made to the insecure T3 port, may use a non-SSL connection for the communication, which could allow attackers to sniff sessions. • http://dev2dev.bea.com/pub/advisory/32 •
CVSS: 7.5EPSS: 0%CPEs: 44EXPL: 0CVE-2003-1223
https://notcve.org/view.php?id=CVE-2003-1223
31 Dec 2003 — The Node Manager for BEA WebLogic Express and Server 6.1 through 8.1 SP 1 allows remote attackers to cause a denial of service (Node Manager crash) via malformed data to the Node Manager's port, as demonstrated by nmap. • http://dev2dev.bea.com/pub/advisory/48 •
CVSS: 7.5EPSS: 0%CPEs: 22EXPL: 0CVE-2003-1224
https://notcve.org/view.php?id=CVE-2003-1224
31 Dec 2003 — Weblogic.admin for BEA WebLogic Server and Express 7.0 and 7.0.0.1 displays the JDBCConnectionPoolRuntimeMBean password to the screen in cleartext, which allows attackers to read a user's password by physically observing ("shoulder surfing") the screen. • http://dev2dev.bea.com/pub/advisory/22 •
CVSS: 5.5EPSS: 0%CPEs: 19EXPL: 0CVE-2003-1225
https://notcve.org/view.php?id=CVE-2003-1225
31 Dec 2003 — The default CredentialMapper for BEA WebLogic Server and Express 7.0 and 7.0.0.1 stores passwords in cleartext on disk, which allows local users to extract passwords. • http://dev2dev.bea.com/pub/advisory/22 •
CVSS: 5.5EPSS: 0%CPEs: 18EXPL: 0CVE-2003-1226
https://notcve.org/view.php?id=CVE-2003-1226
31 Dec 2003 — BEA WebLogic Server and Express 7.0 and 7.0.0.1 stores certain secrets concerning password encryption insecurely in config.xml, filerealm.properties, and weblogic-rar.xml, which allows local users to learn those secrets and decrypt passwords. • http://dev2dev.bea.com/pub/advisory/22 •
CVSS: 7.5EPSS: 0%CPEs: 58EXPL: 0CVE-2003-1290
https://notcve.org/view.php?id=CVE-2003-1290
31 Dec 2003 — BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, with RMI and anonymous admin lookup enabled, allows remote attackers to obtain configuration information by accessing MBeanHome via the Java Naming and Directory Interface (JNDI). • http://dev2dev.bea.com/pub/advisory/162 •
CVSS: 7.1EPSS: 0%CPEs: 34EXPL: 0CVE-2003-1437
https://notcve.org/view.php?id=CVE-2003-1437
31 Dec 2003 — BEA WebLogic Express and WebLogic Server 7.0 and 7.0.0.1, stores passwords in plaintext when a keystore is used to store a private key or trust certificate authorities, which allows local users to gain access. • http://dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-25.jsp •