Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bea weblogic server vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2007-0418
BEA WebLogic Server 7.0 up to and including 7.0 SP6, 8.1 up to and including 8.1 SP5, 9.0, and 9.1 does not enforce a security policy that declares permissions for EJB methods that have array parameters, which allows remote malicious users to obtain unauthorized access to these m...
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
Bea Weblogic Server 9.0
Bea Weblogic Server 9.1
Bea Weblogic Server
7.5
CVSSv2
CVE-2007-0425
Unspecified vulnerability in BEA WebLogic Platform and Server 8.1 up to and including 8.1 SP5, and JRockit 1.4.2 R4.5 and previous versions, allows malicious users to gain privileges via unspecified vectors, related to an "overflow condition," probably a buffer overflow...
Bea Weblogic Server 8.1
Bea Jrockit
Bea Weblogic Server
7.5
CVSSv2
CVE-2007-0408
BEA Weblogic Server 8.1 up to and including 8.1 SP4 does not properly validate client certificates when reusing cached connections, which allows remote malicious users to obtain access via an untrusted X.509 certificate.
Bea Weblogic Server 8.1
Bea Weblogic Server
1 Github repository
7.5
CVSSv2
CVE-2006-2469
The HTTP handlers in BEA WebLogic Server 9.0, 8.1 up to SP5, 7.0 up to SP6, and 6.1 up to SP7 stores the username and password in cleartext in the WebLogic Server log when access to a web application or protected JWS fails, which allows malicious users to gain privileges.
Bea Weblogic Server 6.0
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
Bea Weblogic Server 6.1
Bea Weblogic Server 9.0
7.5
CVSSv2
CVE-2006-2470
Unspecified vulnerability in the WebLogic Server Administration Console for BEA WebLogic Server 9.0 prevents the console from setting custom JDBC security policies correctly, which could allow malicious users to bypass intended policies.
Bea Weblogic Server 9.0
7.5
CVSSv2
CVE-2006-0426
BEA WebLogic Server and WebLogic Express 8.1 through SP4, when configuration auditing is enabled and a password change occurs, stores the old and new passwords in cleartext in the DefaultAuditRecorder.log file, which could allow malicious users to gain privileges.
Bea Weblogic Server 8.1
7.5
CVSSv2
CVE-2005-4750
BEA WebLogic Server and WebLogic Express 8.1 SP4 and previous versions, 7.0 SP5 and previous versions, and 6.1 SP7 and previous versions allow remote malicious users to cause a denial of service (server thread hang) via unknown attack vectors.
Bea Weblogic Server 6.1
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
7.5
CVSSv2
CVE-2005-4756
BEA WebLogic Server and WebLogic Express 8.1 SP4 and previous versions, and 7.0 SP5 and previous versions, do not properly validate derived Principals with multiple PrincipalValidators, which might allow malicious users to gain privileges.
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
7.5
CVSSv2
CVE-2005-4757
BEA WebLogic Server and WebLogic Express 8.1 SP3 and previous versions, and 7.0 SP5 and previous versions, do not properly "constrain" a "/" (slash) servlet root URL pattern, which might allow remote malicious users to bypass intended servlet protections.
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
7.5
CVSSv2
CVE-2005-4763
BEA WebLogic Server and WebLogic Express 8.1 SP4 and previous versions, 7.0 SP6 and previous versions, and 6.1 SP7 and previous versions, when Internet Inter-ORB Protocol (IIOP) is used, sometimes include a password in an exception message that is sent to a client or stored in a ...
Bea Weblogic Server 6.1
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32886
insecure direct object reference
CVE-2024-34342
file inclusion
CVE-2024-34562
CVE-2024-34347
CVE-2024-26026
CVE-2024-4647
unprivileged
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »