cbcvebase.
CVE-2005-4767
published 2005-12-31

CVE-2005-4767: BEA WebLogic Server and WebLogic Express 8.1 SP5 and earlier, and 7.0 SP6 and earlier, when using username/password authentication, does not lock out a…

PriorityP425medium5.1CVSS 2.0
AVNACHAuNCPIPAP
EPSS
1.40%
69.1th percentile
BEA WebLogic Server and WebLogic Express 8.1 SP5 and earlier, and 7.0 SP6 and earlier, when using username/password authentication, does not lock out a username after the maximum number of invalid login attempts, which makes it easier for remote attackers to guess the password.

Affected

2 ranges
VendorProductVersion rangeFixed in
beaweblogic_server
beaweblogic_server
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.