cvebase

BEA WebLogic Server vulnerabilities

146 known vulnerabilities affecting bea/weblogic_server.

Total CVEs: 146
CISA KEV: 0
Public exploits: 12
Exploited in wild: 0
Severity breakdown: CRITICAL 7, HIGH 31, MEDIUM 92, LOW 16

Vulnerabilities

Page 8 of 8
CVE-2003-1226 | P4 | LOW | CVSS 2.1 | v7.0, v7.0.0.1 | 2003-12-31
BEA WebLogic Server and Express 7.0 and 7.0.0.1 stores certain secrets concerning password encryption insecurely in config.xml, filerealm.properties, and weblogic-rar.xml, which allows local users to learn those secrets and decrypt passwords.
Source: nvd

CVE-2002-2177 | P4 | LOW | CVSS 2.6 | v6.1, v7.0, +1 more | 2002-12-31
BEA WebLogic Server and Express 6.1 through 7.0.0.1 buffers HTTP requests in a way that can cause BEA to send the same response for two different HTTP requests, which could allow remote attackers to obtain sensitive information that was intended for other users.
Source: nvd

CVE-2005-4755 | P4 | LOW | CVSS 2.1 | v8.1 | 2005-12-31
BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier (1) stores the private key passphrase (CustomTrustKeyStorePassPhrase) in cleartext in nodemanager.config; or, during domain creation with the Configuration Wizard, renders an SSL private key passphrase in cleartext (2) on a terminal or (3) in a log file, which might allow local users to obtain cryptogr
Source: nvd

CVE-2006-0431 | P4 | LOW | CVSS 2.1 | v8.1 | 2006-01-25
Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 8.1 SP5 allows untrusted applications to obtain the server's SSL identity via unknown attack vectors.
Source: nvd

CVE-2007-0409 | P4 | LOW | CVSS 1.5 | ≤ 7.0, ≤ 8.1, +3 more | 2007-01-23
BEA WebLogic 7.0 through 7.0 SP6, 8.1 through 8.1 SP4, and 9.0 initial release does not encrypt passwords stored in the JDBCDataSourceFactory MBean Properties, which allows local administrative users to read the cleartext password.
Source: nvd

CVE-2005-4761 | P4 | LOW | CVSS 1.2 | v6.1, v7.0, +1 more | 2005-12-31
BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP5 and earlier, and 6.1 SP7 and earlier log the Java command line at server startup, which might include sensitive information (passwords or keyphrases) in the server log file when the -D option is used.
Source: nvd