Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bea weblogic server vulnerabilities and exploits
(subscribe to this query)
435
VMScore
CVE-2003-0624
Cross-site scripting (XSS) vulnerability in InteractiveQuery.jsp for BEA WebLogic 8.1 and previous versions allows remote malicious users to inject malicious web script via the person parameter.
Bea Weblogic Server
Bea Weblogic Server 3.1.8
1 EDB exploit
505
VMScore
CVE-2003-0621
The Administration Console for BEA Tuxedo 8.1 and previous versions allows remote malicious users to determine the existence of files outside the web root via modified paths in the INIFILE argument.
Bea Tuxedo 6.3
Bea Tuxedo 6.4
Bea Weblogic Server 5.1
Bea Weblogic Server 4.2
Bea Weblogic Server 5.0.1
Bea Tuxedo 6.5
Bea Tuxedo 7.1
Bea Tuxedo 8.0
Bea Tuxedo 8.1
1 EDB exploit
445
VMScore
CVE-2003-0622
The Administration Console for BEA Tuxedo 8.1 and previous versions allows remote malicious users to cause a denial of service (hang) via pathname arguments that contain MS-DOS device names such as CON and AUX.
Bea Weblogic Server 4.2
Bea Weblogic Server 5.0.1
Bea Tuxedo 8.0
Bea Tuxedo 8.1
Bea Tuxedo 6.3
Bea Tuxedo 6.4
Bea Weblogic Server 5.1
Bea Tuxedo 6.5
Bea Tuxedo 7.1
383
VMScore
CVE-2003-0623
Cross-site scripting (XSS) vulnerability in the Administration Console for BEA Tuxedo 8.1 and previous versions allows remote malicious users to inject arbitrary web script via the INIFILE argument.
Bea Tuxedo 8.1
Bea Weblogic Server 4.2
Bea Tuxedo 6.5
Bea Tuxedo 7.1
Bea Tuxedo 8.0
Bea Weblogic Server 5.0.1
Bea Weblogic Server 5.1
Bea Tuxedo 6.3
Bea Tuxedo 6.4
187
VMScore
CVE-2004-0471
BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1 through SP2 does not enforce site restrictions for starting and stopping servers for users in the Admin and Operator security roles, which allows unauthorized users to cause a denial of service (service shutdown).
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
187
VMScore
CVE-2003-1225
The default CredentialMapper for BEA WebLogic Server and Express 7.0 and 7.0.0.1 stores passwords in cleartext on disk, which allows local users to extract passwords.
Bea Weblogic Server 7.0.0.1
Bea Weblogic Server 7.0
668
VMScore
CVE-2002-2141
BEA WebLogic Server and Express 7.0 and 7.0.0.1, when running Servlets and Enterprise JavaBeans (EJB) on more than one server, will remove the security constraints and roles on all servers for any Servlets or EJB that are used by an application that is undeployed on one server, w...
Bea Weblogic Server 7.0.0.1
Bea Weblogic Server 7.0
445
VMScore
CVE-2008-0863
BEA WebLogic Server and WebLogic Express 9.0 and 9.1 exposes the web service's WSDL and security policies, which allows remote malicious users to obtain sensitive information and potentially launch further attacks.
Bea Weblogic Server 9.1
Bea Weblogic Server 9.0
570
VMScore
CVE-2007-0421
BEA WebLogic Server 6.1 up to and including 6.1 SP7, and 7.0 up to and including 7.0 SP7 allows remote malicious users to cause a denial of service (disk consumption) via requests containing malformed headers, which cause a large amount of data to be written to the server log.
Bea Weblogic Server 7.0
Bea Weblogic Server 6.1
668
VMScore
CVE-2007-0416
The WSEE runtime (WS-Security runtime) in BEA WebLogic Server 9.0 and 9.1 does not verify credentials when decrypting client messages, which allows remote malicious users to bypass application security.
Bea Weblogic Server 9.1
Bea Weblogic Server 9.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »