CVE-2005-4763Weblogic Server vulnerability

3 documents3 sources
Severity
7.5HIGHNVD
EPSS
1.4%
top 19.52%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
BEA Weblogic Server
Timeline
PublishedDec 31
Latest updateMay 1

Description

BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 and earlier, and 6.1 SP7 and earlier, when Internet Inter-ORB Protocol (IIOP) is used, sometimes include a password in an exception message that is sent to a client or stored in a log file, which might allow remote attackers to perform unauthorized actions.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

NVDbea/weblogic_server6.1, 7.0, 8.1+2

🔴Vulnerability Details

2
GHSA
GHSA-jmg8-fp8v-pc6j: BEA WebLogic Server and WebLogic Express 82022-05-01
CVEList
CVE-2005-4763: BEA WebLogic Server and WebLogic Express 82006-04-01
CVE-2005-4763 — BEA Weblogic Server vulnerability | cvebase