Max CVSS 7.8 Min CVSS 3.5 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2007-2699 7.1
The Administration Console in BEA WebLogic Express and WebLogic Server 9.0 and 9.1 does not properly enforce certain Domain Security Policies, which allows remote administrative users in the Deployer role to upload arbitrary files.
28-05-2019 - 17:29 16-05-2007 - 01:19
CVE-2007-2703 3.6
BEA WebLogic Portal 9.2 GA can corrupt a visitor entitlements role if an administrator provides a long role description, which might allow remote authenticated users to access privileged resources.
30-10-2018 - 16:25 16-05-2007 - 01:19
CVE-2007-2702 3.5
Cross-site scripting (XSS) vulnerability in the GroupSpace application in BEA WebLogic Portal 9.2 GA allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to the rich text editor.
30-10-2018 - 16:25 16-05-2007 - 01:19
CVE-2006-4339 4.3
OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key
17-10-2018 - 21:35 05-09-2006 - 17:04
CVE-2007-2696 6.8
The JMS Server in BEA WebLogic Server 6.1 through SP7, 7.0 through SP6, and 8.1 through SP5 enforces security access policies on the front end, which allows remote attackers to access protected queues via direct requests to the JMS back-end server.
29-07-2017 - 01:31 16-05-2007 - 01:19
CVE-2007-2697 5.1
The embedded LDAP server in BEA WebLogic Express and WebLogic Server 7.0 through SP6, 8.1 through SP5, 9.0, and 9.1, when in certain configurations, does not limit or audit failed authentication attempts, which allows remote attackers to more easily
29-07-2017 - 01:31 16-05-2007 - 01:19
CVE-2007-2701 4.6
The JMS Message Bridge in BEA WebLogic Server 7.0 through SP7 and 8.1 through Service Pack 6, when configured without a username and password, or when the connection URL is not defined, allows remote attackers to bypass the security access policy and
29-07-2017 - 01:31 16-05-2007 - 01:19
CVE-2007-2704 5.4
BEA WebLogic Server 9.0 through 9.2 allows remote attackers to cause a denial of service (SSL port unavailability) by accessing a half-closed SSL socket.
29-07-2017 - 01:31 16-05-2007 - 01:19
CVE-2007-2705 7.8
Directory traversal vulnerability in the Test View Console in BEA WebLogic Integration 9.2 before SP1 and WebLogic Workshop 8.1 SP2 through SP6, when "deployed in an exploded format," allows remote attackers to list a WebLogic Workshop Directory (wlw
29-07-2017 - 01:31 16-05-2007 - 01:19
CVE-2007-2698 5.0
The Administration Console in BEA WebLogic Server 9.0 may show plaintext Web Service attributes during configuration creation, which allows remote attackers to obtain sensitive credential information. The vendor has issued product updates to addresse
29-07-2017 - 01:31 16-05-2007 - 01:19
CVE-2007-2700 4.0
The WLST script generated by the configToScript command in BEA WebLogic Express and WebLogic Server 9.0 and 9.1 does not encrypt certain attributes in configuration files when creating a new domain, which allows remote authenticated users to obtain s
29-07-2017 - 01:31 16-05-2007 - 01:19
CVE-2007-2695 5.1
The HttpClusterServlet and HttpProxyServlet in BEA WebLogic Express and WebLogic Server 6.1 through SP7, 7.0 through SP7, 8.1 through SP5, 9.0, and 9.1, when SecureProxy is enabled, may process "external requests on behalf of a system identity," whic
29-07-2017 - 01:31 16-05-2007 - 01:19
CVE-2007-2694 4.3
Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Express and WebLogic Server 6.1 through SP7, 7.0 through SP7, 8.1 through SP5, 9.0 GA, and 9.1 GA allow remote attackers to inject arbitrary web script or HTML via unspecified vector
08-03-2011 - 02:54 16-05-2007 - 01:19
Back to Top Mark selected
Back to Top