Lucene search

[email protected]CVE-2005-4751

HistoryOct 03, 2022 - 4:22 p.m.

CVE-2005-4751

2022-10-0316:22:44

[email protected]

web.nvd.nist.gov

cve-2005-4751

cross-site scripting

xss vulnerabilities

bea weblogic server

weblogic express

remote attackers

administrative privileges

nvd

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

6.2 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.5%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and WebLogic Express 9.0, 8.1 SP4 and earlier, 7.0 SP6 and earlier, and 6.1 SP7 and earlier allow remote attackers to inject arbitrary web script or HTML and gain administrative privileges via unknown attack vectors.

Affected configurations

NVD

Node

beaweblogic_serverMatch6.1

beaweblogic_serverMatch6.1express

beaweblogic_serverMatch6.1sp1

beaweblogic_serverMatch6.1sp1express

beaweblogic_serverMatch6.1sp2

beaweblogic_serverMatch6.1sp2express

beaweblogic_serverMatch6.1sp3

beaweblogic_serverMatch6.1sp3express

beaweblogic_serverMatch6.1sp4

beaweblogic_serverMatch6.1sp4express

beaweblogic_serverMatch6.1sp5

beaweblogic_serverMatch6.1sp5express

beaweblogic_serverMatch6.1sp6

beaweblogic_serverMatch6.1sp6express

beaweblogic_serverMatch6.1sp7

beaweblogic_serverMatch6.1sp7express

beaweblogic_serverMatch7.0

beaweblogic_serverMatch7.0express

beaweblogic_serverMatch7.0sp1

beaweblogic_serverMatch7.0sp1express

beaweblogic_serverMatch7.0sp2

beaweblogic_serverMatch7.0sp2express

beaweblogic_serverMatch7.0sp3

beaweblogic_serverMatch7.0sp3express

beaweblogic_serverMatch7.0sp4

beaweblogic_serverMatch7.0sp4express

beaweblogic_serverMatch7.0sp5

beaweblogic_serverMatch7.0sp5express

beaweblogic_serverMatch7.0sp6

beaweblogic_serverMatch7.0sp6express

beaweblogic_serverMatch8.1

beaweblogic_serverMatch8.1express

beaweblogic_serverMatch8.1sp1

beaweblogic_serverMatch8.1sp1express

beaweblogic_serverMatch8.1sp2

beaweblogic_serverMatch8.1sp2express

beaweblogic_serverMatch8.1sp3

beaweblogic_serverMatch8.1sp3express

beaweblogic_serverMatch8.1sp4

beaweblogic_serverMatch8.1sp4express

beaweblogic_serverMatch9.0

beaweblogic_serverMatch9.0express

CPENameOperatorVersion
bea:weblogic_serverbea weblogic servereq6.1
bea:weblogic_serverbea weblogic servereq7.0
bea:weblogic_serverbea weblogic servereq8.1
bea:weblogic_serverbea weblogic servereq9.0

CPE	Name	Operator	Version
bea:weblogic_server	bea weblogic server	eq	6.1
bea:weblogic_server	bea weblogic server	eq	7.0
bea:weblogic_server	bea weblogic server	eq	8.1
bea:weblogic_server	bea weblogic server	eq	9.0

References

dev2dev.bea.com/pub/advisory/139

secunia.com/advisories/17138

www.securityfocus.com/bid/15052

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

6.2 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.5%

JSON

Related for CVE-2005-4751

cvelist1 nvd1