CVE-2005-4704 — Weblogic Server vulnerability

3 documents3 sources

Severity

5.0MEDIUMNVD

EPSS

0.3%

top 50.67%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

BEA Weblogic Server

Timeline

PublishedDec 31

Latest updateMay 1

Description

Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 8.1 through SP3, 7.0 through SP6, and 6.1 through SP7, when SSL is intended to be used, causes an unencrypted protocol to be used in certain unspecified circumstances, which causes user credentials to be sent across the network in cleartext and allows remote attackers to gain privileges.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDbea/weblogic_server6.1, 7.0, 8.1+2

Patches

Patch: dev2dev.bea.com ↗Patch: www.osvdb.org ↗Patch: dev2dev.bea.com ↗

🔴Vulnerability Details

GHSA

GHSA-j86f-g83j-qw65: Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 8↗2022-05-01

▶

CVEList

CVE-2005-4704: Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 8↗2006-02-01

▶