
22 matches found

NCSC
added 2026/06/17 9:28 a.m., 12 views

Vulnerabilities in Oracle Fusion Middleware products

Oracle has identified several vulnerabilities in various products within the Oracle Fusion Middleware suite, including WebLogic Server, WebCenter Content, WebCenter Sites, WebCenter Portal, WebCenter Enterprise Capture, Identity Manager, Identity Manager Connector, Access Manager, Coherence,...

CVSS 10, AI score 5.9, EPSS 0.00565
Exploits: 0, References: 1

EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2004-2686

Malware in sbrugna...

CVSS 5.5, AI score 6.4, EPSS 0.01286
Exploits: 0, References: 7

EUVD
added 2025/10/07 12:30 a.m., 6 views

EUVD-2005-4756

Malware in sbrugna...

CVSS 7.5, AI score 6.4, EPSS 0.01536
Exploits: 0, References: 4

RedhatCVE
added 2025/09/11 3:19 a.m., 13 views

CVE-2025-42925

Due to the lack of randomness in assigning Object Identifiers in the SAP NetWeaver AS JAVA IIOP service, an authenticated attacker with low privileges could predict the identifiers by conducting a brute force search. By leveraging knowledge of several identifiers generated close to the same time,...

CVSS 4.3, AI score 6.6, EPSS 0.00218
Exploits: 0, References: 1

RedhatCVE
added 2025/05/22 9:2 p.m., 3 views

CVE-2021-2394

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIO...

CVSS 10, AI score 7.1, EPSS 0.76567
Exploits: 3, References: 1

RedhatCVE
added 2025/05/21 10:12 p.m., 7 views

CVE-2005-4763

BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 and earlier, and 6.1 SP7 and earlier, when Internet Inter-ORB Protocol (IIOP) is used, sometimes include a password in an exception message that is sent to a client or stored in a log file, which might allow remote attackers to...

CVSS 7.5, AI score 7, EPSS 0.01536
Exploits: 0, References: 1

VulnCheck KEV
added 2023/06/02 12:0 a.m., 9 views

VulnCheck KEV: CVE-2020-2551

Oracle Fusion Middleware contains an unspecified vulnerability in the WLS Core Components that allows an unauthenticated attacker with network access via IIOP to compromise the WebLogic Server...

CVSS 9.8, AI score 7.4, EPSS 0.93168
Exploits: 18, References: 1

OSV
added 2021/04/22 10:15 p.m., 3 views

CVE-2021-2136

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP to compromise...

CVSS 9.8, AI score 7, EPSS 0.0224
Exploits: 0, References: 1

BDU FSTEC
added 2021/02/02 12:0 a.m., 5 views

The vulnerability of Oracle WebLogic Server’s application server core components allows a hacker to gain full control over the application.

The vulnerability of Oracle WebLogic Server’s application server components is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to gain full control over the application through network IIOP and T3 protocols...

CVSS 10, AI score 7.7, EPSS 0.03728
Exploits: 0, References: 2, Affected Software: 1

BDU FSTEC
added 2021/02/02 12:0 a.m., 5 views

The vulnerability of Oracle WebLogic Server’s application server core components allows a hacker to gain full control over the application.

The vulnerability of Oracle WebLogic Server’s application server components is related to deficiencies in access control. Exploiting this vulnerability allows an attacker to gain full control over the application through network protocols such as IIOP and T3...

CVSS 10, AI score 7.7, EPSS 0.03728
Exploits: 0, References: 2, Affected Software: 1

BDU FSTEC
added 2020/08/12 12:0 a.m., 4 views

The vulnerability of the Core server component of Oracle WebLogic Server allows a hacker to gain full control over the application.

The vulnerability of the Core server component of Oracle WebLogic Server is related to deficiencies in access control. Exploiting this vulnerability can allow an attacker, operating remotely, to gain full control over the application using the IIOP and T3 protocols...

CVSS 10, AI score 7.7, EPSS 0.09886
Exploits: 0, References: 2, Affected Software: 1

Gitee
added 2020/07/28 9:36 a.m., 8 views

Exploit for CVE-2020-2551

CVE-2020-2551 Weblogic IIOP deserialization. Test environment: Weblogic10.3.6+jdk1.6. Pre-packaged jar, extraction code: a6ob. Exploitation: download the jar, then use marshalsec to start a malicious RMI service, and compile an exp.java locally. java package payload; import java.io.IOException; public class exp public exp String cmd = "curl http://172.16.1.1/success"; try...

CVSS 9.8, AI score 7, EPSS 0.93168
Exploits: 18

BDU FSTEC
added 2020/06/02 12:0 a.m., 4 views

The vulnerability of the WLS Web Services component of the Oracle WebLogic Server application server allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the WLS Web Services component of the Oracle WebLogic Server application server is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information through the IIOP and T3 network protocols...

CVSS 7.8, AI score 7.2, EPSS 0.01537
Exploits: 0, References: 2, Affected Software: 1

BDU FSTEC
added 2020/06/02 12:0 a.m., 7 views

The vulnerability of the Core server component of Oracle WebLogic Server allows a hacker to gain full control over the application.

The vulnerability of the Core server component of Oracle WebLogic Server is related to deficiencies in access control. Exploiting this vulnerability can allow an attacker to gain full control over the application through the IIOP and T3 network protocols...

CVSS 10, AI score 8.1, EPSS 0.94928
Exploits: 11, References: 5, Affected Software: 1

BDU FSTEC
added 2020/06/02 12:0 a.m., 3 views

The vulnerability of the WLS Web Services component of the Oracle WebLogic Server application server allows an attacker to gain full control over the application.

The vulnerability of the WLS Web Services component of the Oracle WebLogic Server application server is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to gain full control over the application through the IIOP and T3 network protocols...

CVSS 9, AI score 7.1, EPSS 0.01384
Exploits: 0, References: 2, Affected Software: 1

Positive Technologies
added 2020/04/15 12:0 a.m., 5 views

PT-2020-2527

Name of the Vulnerable Software and Affected Versions Oracle WebLogic Server versions 10.3.6.0.0 through 12.2.1.4.0 Description The issue is related to the Core component of Oracle WebLogic Server and is caused by inadequate access control. It allows an unauthenticated attacker with network acces...

CVSS 10, AI score 9.7, EPSS 0.94928
Exploits: 11, References: 45

CNVD
added 2020/04/15 12:0 a.m., 3 views

Unspecified Vulnerability in SAP Business Objects Business Intelligence Platform

SAP Business Objects Business Intelligence Platform is a suite of business intelligence software and enterprise performance solutions from SAP, Germany. The product features report generation, analytics, and data visualization. A security vulnerability exists in SAP Business Objects Business...

CVSS 7.5, AI score 7.2, EPSS 0.0086
Exploits: 0, References: 1

OSV
added 2016/12/03 6:59 a.m., 3 views

CVE-2016-9796

Alcatel-Lucent OmniVista 8770 2.0 through 3.0 exposes different ORBs interfaces, which can be queried using the GIOP protocol on TCP port 30024. An attacker can bypass authentication, and OmniVista invokes methods AddJobSet, AddJob, and ExecuteNow that can be used to run arbitrary commands on the...

CVSS 9.8, AI score 5.9, EPSS 0.13356
Exploits: 4, References: 5

OpenVAS
added 2016/07/29 12:0 a.m., 390 views

IBM WebSphere Application Server Detection (GIOP)

GIOP (General Inter-ORB Protocol) based detection of an IBM WebSphere Application Server. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if...

AI score 7.2
Exploits: 0

OpenVAS
added 2011/11/18 12:0 a.m., 56 views

Ubuntu: Security Advisory (USN-1263-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 10, AI score 8.3, EPSS 0.96714
Exploits: 19, References: 4