CVE-2005-4763

2022-10-0316:22:44

mitre

www.cve.org

bea weblogic

iiop

unauthorized actions

6.7 Medium

AI Score

Confidence

Low

0.007 Low

EPSS

Percentile

80.2%

JSON

BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 and earlier, and 6.1 SP7 and earlier, when Internet Inter-ORB Protocol (IIOP) is used, sometimes include a password in an exception message that is sent to a client or stored in a log file, which might allow remote attackers to perform unauthorized actions.

References

dev2dev.bea.com/pub/advisory/154

secunia.com/advisories/17138

www.securityfocus.com/bid/15052