Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bea vulnerabilities and exploits
(subscribe to this query)
1.2
CVSSv2
CVE-2005-4761
BEA WebLogic Server and WebLogic Express 8.1 SP4 and previous versions, 7.0 SP5 and previous versions, and 6.1 SP7 and previous versions log the Java command line at server startup, which might include sensitive information (passwords or keyphrases) in the server log file when th...
Bea Weblogic Server 6.1
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
7.2
CVSSv2
CVE-2005-4762
BEA WebLogic Server and WebLogic Express 8.1 SP4 and previous versions, 7.0 SP6 and previous versions, and 6.1 SP7 and previous versions sometimes stores the boot password in the registry in cleartext, which might allow local users to gain administrative privileges.
Bea Weblogic Server 6.1
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
7.5
CVSSv2
CVE-2005-4763
BEA WebLogic Server and WebLogic Express 8.1 SP4 and previous versions, 7.0 SP6 and previous versions, and 6.1 SP7 and previous versions, when Internet Inter-ORB Protocol (IIOP) is used, sometimes include a password in an exception message that is sent to a client or stored in a ...
Bea Weblogic Server 6.1
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
7.8
CVSSv2
CVE-2005-4764
BEA WebLogic Server and WebLogic Express 9.0, 8.1, and 7.0 lock out the admin user account after multiple incorrect password guesses, which allows remote attackers who know or guess the admin account name to cause a denial of service (blocked admin logins).
Bea Weblogic Server 6.1
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
4.6
CVSSv2
CVE-2003-1093
BEA WebLogic Server 6.1, 7.0 and 7.0.0.1, when routing messages to a JMS target domain that is inaccessible, may leak the user's password when it throws a ResourceAllocationException.
Bea Weblogic Server 6.1
Bea Weblogic Server 7.0
Bea Weblogic Server 7.0.0.1
4
CVSSv2
CVE-2006-2467
BEA WebLogic Server 8.1 up to SP4, 7.0 up to SP6, and 6.1 up to SP7 displays the internal IP address of the WebLogic server in the WebLogic Server Administration Console, which allows remote authenticated administrators to determine the address.
Bea Weblogic Server 6.1
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
2.6
CVSSv2
CVE-2002-2177
BEA WebLogic Server and Express 6.1 up to and including 7.0.0.1 buffers HTTP requests in a way that can cause BEA to send the same response for two different HTTP requests, which could allow remote malicious users to obtain sensitive information that was intended for other users.
Bea Weblogic Server 6.1
Bea Weblogic Server 7.0
Bea Weblogic Server 7.0.0.1
6.4
CVSSv2
CVE-2006-0419
BEA WebLogic Server and WebLogic Express 9.0, 8.1 through SP5, and 7.0 through SP6 allows anonymous binds to the embedded LDAP server, which allows remote malicious users to read user entries or cause a denial of service (unspecified) via a large number of connections.
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
Bea Weblogic Server 9.0
6.4
CVSSv2
CVE-2006-0422
Multiple unspecified vulnerabilities in BEA WebLogic Server and WebLogic Express 8.1 through SP4, 7.0 through SP6, and 6.1 through SP7 allow remote malicious users to access MBean attributes or cause an unspecified denial of service via unknown attack vectors.
Bea Weblogic Server 6.1
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
4
CVSSv2
CVE-2006-0424
BEA WebLogic Server and WebLogic Express 8.1 through SP4, 7.0 through SP6, and 6.1 through SP7 allows remote authenticated guest users to read the server log and obtain sensitive configuration information.
Bea Weblogic Server 6.1
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »