CVE-2005-1743 — Weblogic Server vulnerability

3 documents3 sources

Severity

7.5HIGHNVD

EPSS

0.5%

top 32.45%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

BEA Weblogic Server Oracle Weblogic Portal

Timeline

PublishedMay 24

Latest updateMay 1

Description

BEA WebLogic Server and WebLogic Express 8.1 through Service Pack 3 and 7.0 through Service Pack 5 does not properly handle when a security provider throws an exception, which may cause WebLogic to use incorrect identity for the thread, or to fail to audit security exceptions.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

▶NVDbea/weblogic_server5 versions+4

▶NVDoracle/weblogic_portal8.0

🔴Vulnerability Details

GHSA

GHSA-hf6g-2xhc-98g4: BEA WebLogic Server and WebLogic Express 8↗2022-05-01

▶

CVEList

CVE-2005-1743: BEA WebLogic Server and WebLogic Express 8↗2005-05-24

▶