Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
oracle weblogic portal 8.1 vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2008-0864
Admin Tools in BEA WebLogic Portal 8.1 SP3 through SP6 can inadvertently remove entitlements for pages when an administrator edits the page definition label, which might allow remote malicious users to bypass intended access restrictions.
Bea Systems Weblogic Portal 8.1 Sp6
Oracle Weblogic Portal 8.1
5
CVSSv2
CVE-2008-0865
Unspecified vulnerability in BEA WebLogic Portal 8.1 through SP6 allows remote malicious users to bypass entitlements for instances of a floatable WLP portlet via unknown vectors.
Oracle Weblogic Portal 8.1
Bea Systems Weblogic Portal 8.1 Sp6
7.5
CVSSv2
CVE-2006-0423
BEA WebLogic Portal 8.1 through SP3 stores the password for the RDBMS Authentication provider in cleartext in the config.xml file, which allows malicious users to gain privileges.
Oracle Weblogic Portal 8.1
7.5
CVSSv2
CVE-2006-0428
Unspecified vulnerability in BEA WebLogic Portal 8.1 SP3 through SP5, when using Web Services Remote Portlets (WSRP), allows remote malicious users to access restricted web resources via crafted URLs.
Oracle Weblogic Portal 8.1
5
CVSSv2
CVE-2005-2680
Unspecified vulnerability in BEA WebLogic Portal 8.1 through SP4, when using entitlements, allows remote malicious users to bypass access restrictions for the pages of a Book via crafted URLs.
Oracle Weblogic Portal 8.1
5
CVSSv2
CVE-2006-0425
BEA WebLogic Portal 8.1 through SP4 allows remote malicious users to obtain the source for a deployment descriptor file via unknown vectors.
Oracle Weblogic Portal 8.1
5
CVSSv2
CVE-2006-1358
Unspecified vulnerability in BEA WebLogic Portal 8.1 up to SP5 causes a JSR-168 Portlet to be retrieved from the cache for the wrong session, which might allow one user to see a Portlet of another user.
Oracle Weblogic Portal 8.1
5
CVSSv2
CVE-2005-1742
BEA WebLogic Server and WebLogic Express 8.1 SP2 and SP3 allows users with the Monitor security role to "shrink or reset JDBC connection pools."
Bea Weblogic Server 6.0
Bea Weblogic Server 6.1
Bea Weblogic Server 7.0
Bea Weblogic Server 7.0.0.1
Oracle Weblogic Portal 8.0
Bea Weblogic Server 8.1
7.5
CVSSv2
CVE-2005-1743
BEA WebLogic Server and WebLogic Express 8.1 through Service Pack 3 and 7.0 through Service Pack 5 does not properly handle when a security provider throws an exception, which may cause WebLogic to use incorrect identity for the thread, or to fail to audit security exceptions.
Oracle Weblogic Portal 8.0
Bea Weblogic Server 6.0
Bea Weblogic Server 6.1
Bea Weblogic Server 7.0.0.1
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
4.6
CVSSv2
CVE-2005-1745
The UserLogin control in BEA WebLogic Portal 8.1 through Service Pack 3 prints the password to standard output when an incorrect login attempt is made, which could make it easier for malicious users to guess the correct password.
Bea Weblogic Server 6.0
Bea Weblogic Server 6.1
Bea Weblogic Server 7.0
Bea Weblogic Server 7.0.0.1
Bea Weblogic Server 8.1
Oracle Weblogic Portal 8.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4946
CVE-2024-30309
CVE-2024-4761
CVE-2024-30051
type confusion
memory leak
CVE-2024-30293
reflected XSS
CVE-2024-3126
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »