Lucene search
K
OracleBea Product Suite

32 matches found

CVE
CVE
added 2009/07/14 11:0 p.m.204 views

CVE-2009-0217

CVE-2009-0217 arises from the XML Digital Signature processing where a parameter (HMACOutputLength) does not enforce a minimum length, enabling signature spoofing and authentication bypass across multiple products (e.g., XML-DSig implementations in Oracle, BEA WebLogic, Mono, XML Security Library...

5CVSS7.1AI score0.06348EPSS
CVE
CVE
added 2009/04/15 10:0 a.m.153 views

CVE-2009-1016

CVE-2009-1016 concerns a buffer overflow in BEA/Oracle WebLogic Server Plugins related to parsing SSL certificates. The vulnerability affects WebLogic Server Plug-ins across multiple BEA/Oracle versions and can be triggered by a crafted certificate, potentially impacting confidentiality, integrit...

8.5CVSS6.1AI score0.0203EPSS
CVE
CVE
added 2010/01/13 1:0 a.m.116 views

CVE-2010-0079

Technical details for CVE-2010-0079 are not provided in the supplied connected documents. Please monitor for updates; the available sources reference overlapping CVEs but do not disclose specific affected product/version or remediation.

10CVSS6.9AI score0.03088EPSS
CVE
CVE
added 2009/10/22 6:0 p.m.95 views

CVE-2009-3403

Technical details for CVE-2009-3403 are not provided in the supplied documents. Public information on affected product/version, root cause, impact, or remediation is not available here; monitor for updates from official advisories.

10CVSS7.3AI score0.03063EPSS
CVE
CVE
added 2008/10/14 9:0 p.m.82 views

CVE-2008-4008

CVE-2008-4008 describes a stack-based buffer overflow in the BEA WebLogic Server Apache Connector (mod_wl) affecting WebLogic Server–Apache integration. Affected BEA/Oracle WebLogic versions include 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7. The overflow arises in the Apach...

10CVSS6.3AI score0.56268EPSS
CVE
CVE
added 2009/01/14 2:0 a.m.76 views

CVE-2008-5457

CVE-2008-5457 describes a buffer overflow in BEA/Oracle WebLogic Server plug-ins (Apache/Sun/IIS) used to proxy requests. Public records show a JSESSIONID cookie overflow vector that requires clustering to be exploitable, enabling remote code execution. Exploitation details and PoCs exist (Metasp...

10CVSS6.2AI score0.61309EPSS
Web
CVE
CVE
added 2009/10/22 6:0 p.m.63 views

CVE-2009-3396

CVE-2009-3396 affects Oracle/BEA WebLogic Server (WebLogic Server 10.3 with BEA Product Suite). The connected data confirms an HTML injection vulnerability in the WebLogic Server Console (WLS Console) that allows remote attackers to obtain the WebLogic admin session cookie via specially crafted H...

4.3CVSS6.5AI score0.02079EPSS
CVE
CVE
added 2009/01/14 2:0 a.m.61 views

CVE-2008-5462

CVE-2008-5462 affects BEA/Oracle WebLogic Portal components in BEA Product Suite 10.3, 10.2, 10.0 MP1, 9.2 MP3, and 8.1 SP6. The flaw is described as an unspecified vulnerability in the WebLogic Portal component that could allow a remote attacker to impact confidentiality, integrity, and availabi...

6.8CVSS6.7AI score0.01212EPSS
CVE
CVE
added 2008/10/14 9:0 p.m.60 views

CVE-2008-4013

CVE-2008-4013 describes an unspecified remote vulnerability in BEA WebLogic Server within the Oracle BEA Product Suite (versions 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6) that can affect confidentiality, integrity, and availability via unknown vectors. Connected documents corroborate an Oracle CPU Oc...

6.8CVSS6.5AI score0.01212EPSS
CVE
CVE
added 2009/04/15 10:0 a.m.60 views

CVE-2009-1004

CVE-2009-1004 refers to an unspecified vulnerability in BEA WebLogic Server 10.3 within BEA Product Suite 10.3 that could affect confidentiality and integrity via remote, unknown vectors. Connected sources corroborate that Oracle issued a multi-vulnerability CPUAPR2009 patch update in April 2009 ...

4CVSS6.6AI score0.01281EPSS
CVE
CVE
added 2009/04/15 10:0 a.m.60 views

CVE-2009-1012

Affected software: Oracle BEA WebLogic Server plug-ins for Apache and IIS web servers (versions 7.0 Gold–SP7, 8.1 Gold–SP6, 9.0/9.1/9.2 Gold–MP3, 10.0 Gold–MP1, 10.3). The vulnerability is described as an integer overflow in an unspecified plug-in that parses HTTP requests, potentially causing a ...

10CVSS6.6AI score0.03955EPSS
CVE
CVE
added 2008/07/15 11:0 p.m.59 views

CVE-2008-2580

CVE-2008-2580 corresponds to an unspecified information-disclosure vulnerability in Oracle BEA WebLogic Server product lines (10.0 MP1, 9.2 MP3, 9.1, 9.0). The BEA/Oracle risk matrix lists CVE-2008-2580 under WebLogic Server with remote HTTP access, high (CVSS v2) impact in some entries, indicati...

5CVSS6.1AI score0.01801EPSS
CVE
CVE
added 2009/04/15 10:0 a.m.56 views

CVE-2009-1003

CVE-2009-1003 is part of a broader Oracle/BEA WebLogic WebLogic Server vulnerability set disclosed in the April 2009 CPU. Connected sources describe concrete issues across Oracle WebLogic Server products (e.g., 9.x/10.x line including WebLogic Server 10.3) and related components where remote atta...

5CVSS6.8AI score0.01861EPSS
CVE
CVE
added 2009/10/22 6:0 p.m.56 views

CVE-2009-3399

The CVE-2009-3399 entry affects BEA WebLogic Server (WebLogic Server component) in BEA Product Suite versions 7.0.6 and 8.1.5. The vulnerability is associated with the WLS Console and is exploitable over HTTP/Network with no authentication required, enabling remote attackers to impact integrity. ...

4.3CVSS6.6AI score0.02079EPSS
CVE
CVE
added 2008/07/15 11:0 p.m.55 views

CVE-2008-2581

CVE-2008-2581 is an unspecified vulnerability in WebLogic Server (BEA/Oracle Product Suite) affecting multiple WebLogic releases (10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7) related to the UDDI Explorer component. The vulnerability is described as having unknown impact and remote attack vector...

5.1CVSS5.9AI score0.01748EPSS
CVE
CVE
added 2009/01/14 2:0 a.m.55 views

CVE-2008-5459

CVE-2008-5459 affects Oracle BEA WebLogic Server 10.3 (BEA Product Suite 10.3). The vulnerability is described as unspecified, allowing remote attackers to affect confidentiality via unknown vectors. The available documents do not specify the root cause, affected subcomponents, exact versions bey...

5CVSS6.6AI score0.01307EPSS
CVE
CVE
added 2009/01/14 2:0 a.m.53 views

CVE-2008-5461

Oracle WebLogic Server (BEA WebLogic Server) contains an unspecified vulnerability (CVE-2008-5461) that affects multiple versions: 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7. Multiple sources indicate this may be a cross-site scripting issue, with potential consequences including inf...

6.8CVSS5.9AI score0.01434EPSS
CVE
CVE
added 2009/04/15 10:0 a.m.52 views

CVE-2009-1005

Affected products include BEA/Oracle AquaLogic Data Services Platform 3.0/3.2 and Oracle Data Service Integrator 10.3.0, among others. CVE-2009-1005 is described as an unspecified local vulnerability affecting confidentiality, integrity, and availability via unknown vectors. The connected documen...

4.1CVSS5.9AI score0.00315EPSS
CVE
CVE
added 2009/07/14 11:0 p.m.52 views

CVE-2009-1975

CVE-2009-1975 affects BEA WebLogic Server 10.3 (WLS Console Package). The vulnerability in the WLS Console Package allows remote attackers to impact confidentiality, integrity, and availability. Oracle’s July 2009 CPU indicates fixes across BEA/WebLogic components; remediation is to apply the CPU...

6.8CVSS6.7AI score0.02698EPSS
CVE
CVE
added 2010/01/13 1:0 a.m.52 views

CVE-2010-0078

CVE-2010-0078 affects BEA WebLogic Server in the BEA Product Suite (versions 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.1). The vulnerability is described as unspecified and could allow a remote attacker to affect availability via unknown vectors. The connected CPU/patch context indicates Oracle’s January...

5CVSS6.7AI score0.0195EPSS
CVE
CVE
added 2008/10/14 9:0 p.m.51 views

CVE-2008-4009

CVE-2008-4009 affects Oracle WebLogic Server 9.1 (BEA Product Suite 9.1). Connected documents corroborate an unspecified privilege-escalation vulnerability that occurs when the server is configured with more than one authorizer (e.g., XACMLAuthorizer and DefaultAuthorizer). The Nessus plugin expl...

5.1CVSS6.5AI score0.01427EPSS
CVE
CVE
added 2009/01/14 2:0 a.m.51 views

CVE-2008-5460

CVE-2008-5460 concerns an unspecified information disclosure in Oracle WebLogic Server (BEA Product Suite) across versions 10.3, 10.0 MP1, 9.2 MP3, 9.1, and 9.0. A Nessus plugin indicates the vulnerability affects JSP pages and servlets, enabling remote disclosure of information. The root cause a...

2.6CVSS6.6AI score0.01143EPSS
CVE
CVE
added 2009/07/14 11:0 p.m.51 views

CVE-2009-1974

CVE-2009-1974 concerns BEA WebLogic Server (part of BEA/Product Suite) and is described in the CVE entry as an unspecified vulnerability in the WebLogic Server component affecting multiple versions (e.g., 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7). The vulnerability is exploitable remot...

6.8CVSS6.6AI score0.01481EPSS
CVE
CVE
added 2010/01/13 1:0 a.m.51 views

CVE-2010-0069

CVE-2010-0069 is a BEA WebLogic Server vulnerability affecting BEA Product Suite components (7.0 SP7, 8.1 SP6, 9.0–9.2 MP3, 10.0 MP1, 10.3.0). The connected CVE records indicate an unspecified remote vulnerability that could affect integrity via unknown vectors. The Oracle CPU/CPUJan2010 advisory...

4.3CVSS6.7AI score0.01525EPSS
CVE
CVE
added 2008/10/14 9:0 p.m.50 views

CVE-2008-4011

CVE-2008-4011 applies to BEA/Oracle WebLogic Server in BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, and 9.0. The vulnerability is described as unspecified, allowing remote authenticated users to affect integrity via unknown vectors. The associated NVD entry lists a network-accessible, high-complexit...

2.1CVSS6AI score0.0087EPSS
CVE
CVE
added 2010/01/13 1:0 a.m.50 views

CVE-2010-0074

CVE-2010-0074 concerns the WebLogic Server component of the BEA Product Suite. Per the BEA Product Suite risk matrix, affected releases include BEA WebLogic Server 7.0 through 10.3.1 (specifically 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.1). The description notes an unspecified vulnera...

5CVSS6.7AI score0.01972EPSS
CVE
CVE
added 2008/07/15 11:0 p.m.49 views

CVE-2008-2582

CVE-2008-2582 affects Oracle/BEA WebLogic Server (BEA Product Suite) versions 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, and 10.0 MP1. The initial description notes an unspecified vulnerability with unknown impact and remote attack vectors; the connected BEA/Oracle entries list the WebLogic components ...

5CVSS6.1AI score0.02065EPSS
CVE
CVE
added 2010/01/13 1:0 a.m.49 views

CVE-2010-0068

CVE-2010-0068 affects BEA WebLogic Server (BEA Product Suite) versions 9.0, 9.1, 9.2 MP2, 10.0. The vulnerability is remote, exploitable via HTTP/Web Services, and impacts confidentiality (partial). No exploit details provided in the initial documents. Remediation is via Oracle January 2010 Criti...

5CVSS6.6AI score0.02084EPSS
CVE
CVE
added 2008/10/14 9:0 p.m.46 views

CVE-2008-4010

The CVE-2008-4010 issue pertains to BEA WebLogic Workshop (WebLogic Workshop) in BEA Product Suite 10.3/10.2/10.0 MP1/9.2 MP3/8.1 SP6, where a vulnerability related to NetUI tags could allow remote access to affect confidentiality, integrity, and availability. The underlying cause is not clearly ...

6.8CVSS6.5AI score0.01434EPSS
CVE
CVE
added 2009/10/22 6:0 p.m.46 views

CVE-2009-2002

CVE-2009-2002 refers to a vulnerability in the BEA WebLogic Portal component of the BEA Product Suite. The risk entry indicates a remote attacker could affect integrity over the network via unknown vectors, with a CVSS v2 base score of 4.3 (Medium) and no authentication required, and the impact l...

4.3CVSS6.5AI score0.02079EPSS
CVE
CVE
added 2009/04/15 10:0 a.m.45 views

CVE-2009-1001

CVE-2009-1001 affects Oracle BEA WebLogic Portal 8.1 Gold through SP6. The description indicates an unspecified vulnerability that allows remote authenticated users to gain privileges via unknown vectors, with a CVSS v2 base score of 5.5 (MEDIUM). No concrete exploit vectors or impacted subcompon...

5.5CVSS6.1AI score0.01477EPSS
CVE
CVE
added 2009/04/15 10:0 a.m.44 views

CVE-2009-1002

Concretes details found: CVE-2009-1002 relates to Oracle WebLogic Server family. A vulnerability in the WebLogic Server plugin can cause a stack/heap-like overflow when handling HTTP requests or when parsing SSL certificates, enabling remote attackers to potentially gain privileges. Affected prod...

5.8CVSS6.5AI score0.01485EPSS