4 results (0.007 seconds)

CVSS: 6.8EPSS: 0%CPEs: 56EXPL: 0

BEA Tuxedo 8.0 before RP392 and 8.1 before RP293, and WebLogic Enterprise 5.1 before RP174, echo the password in cleartext, which allows physically proximate attackers to obtain sensitive information via the (1) cnsbind, (2) cnsunbind, or (3) cnsls commands. BEA Tuxedo 8.0 anterior al RP392 y el 8.1 anterior al RP293 y el WebLogic Enterprise 5.1 anterior al RP174, muestra la contraseña en texto claro, lo que permite a atacantes físicamente próximos obtener información sensible a través de los comandos (1) cnsbind, (2) cnsunbind o (3) cnsls. • http://dev2dev.bea.com/pub/advisory/226 http://osvdb.org/45478 http://www.vupen.com/english/advisories/2007/1813 https://exchange.xforce.ibmcloud.com/vulnerabilities/34290 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0

Directory traversal vulnerability in the Test View Console in BEA WebLogic Integration 9.2 before SP1 and WebLogic Workshop 8.1 SP2 through SP6, when "deployed in an exploded format," allows remote attackers to list a WebLogic Workshop Directory (wlwdir) parent directory via unspecified vectors. Vulnerabilidad de salto de directorio en Test View Console de BEA WebLogic Integration 9.2 anterior a SP1 y WebLogic Workshop 8.1 SP2 hasta SP6, cuando es "desplegado en formato expandido" permite a atacantes remotos listar un directorio padre de WebLogic Workshop Directory (wlwdir) a través de vectores sin especificar. • http://dev2dev.bea.com/pub/advisory/239 http://osvdb.org/36063 http://www.securitytracker.com/id?1018059 http://www.vupen.com/english/advisories/2007/1815 https://exchange.xforce.ibmcloud.com/vulnerabilities/34281 •

CVSS: 6.8EPSS: 0%CPEs: 5EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in WebLogic Integration 7.0 and 2.0, Liquid Data 1.1, and WebLogic Server and Express 5.1 through 7.0, allow remote attackers to execute arbitrary web script and steal authentication credentials via (1) a forward instruction to the Servlet container or (2) other vulnerabilities in the WebLogic Server console application. • http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/SA_BEA03_36.00.jsp http://www.securityfocus.com/bid/8357 •

CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0

An undocumented extension for the Servlet mappings in the Servlet 2.3 specification, when upgrading to WebLogic Server and Express 7.0 Service Pack 1 from BEA WebLogic Server and Express 6.0 through 7.0.0.1, does not prepend a "/" character in certain URL patterns, which prevents the proper enforcement of role mappings and policies in applications that use the extension. • http://dev2dev.bea.com/pub/advisory/3 http://www.iss.net/security_center/static/10392.php http://www.securityfocus.com/bid/5971 •