Lucene search

[email protected]CVE-2003-0733

HistoryOct 20, 2003 - 4:00 a.m.

CVE-2003-0733

2003-10-2004:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

weblogic

integration

liquid data

xss

vulnerabilities

nvd

cve-2003-0733

7 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

55.6%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in WebLogic Integration 7.0 and 2.0, Liquid Data 1.1, and WebLogic Server and Express 5.1 through 7.0, allow remote attackers to execute arbitrary web script and steal authentication credentials via (1) a forward instruction to the Servlet container or (2) other vulnerabilities in the WebLogic Server console application.

CPENameOperatorVersion
bea:weblogic_serverbea weblogic servereq5.1
bea:weblogic_integrationbea weblogic integrationeq2.0
bea:liquid_databea liquid dataeq1.1
bea:weblogic_integrationbea weblogic integrationeq7.0
bea:weblogic_serverbea weblogic servereq7.0

CPE	Name	Operator	Version
bea:weblogic_server	bea weblogic server	eq	5.1
bea:weblogic_integration	bea weblogic integration	eq	2.0
bea:liquid_data	bea liquid data	eq	1.1
bea:weblogic_integration	bea weblogic integration	eq	7.0
bea:weblogic_server	bea weblogic server	eq	7.0

References

dev2dev.bea.com/resourcelibrary/advisoriesnotifications/SA_BEA03_36.00.jsp

www.securityfocus.com/bid/8357

7 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

55.6%

JSON

Related for CVE-2003-0733

cvelist1