Search Results (Refine Search)
- CPE Product Version: cpe:/a:bea:weblogic_server:6.1:sp6
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2004-2696 |
BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, when using Remote Method Invocation (RMI) over Internet Inter-ORB Protocol (IIOP), does not properly handle when multiple logins for different users coming from the same client, which could cause an "unexpected user identity" to be used in an RMI call. Published: December 31, 2004; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 5.5 MEDIUM |
CVE-2004-0713 |
The remove method in a stateful Enterprise JavaBean (EJB) in BEA WebLogic Server and WebLogic Express version 8.1 through SP2, 7.0 through SP4, and 6.1 through SP6, does not properly check EJB permissions before unexporting a bean, which allows remote authenticated users to remove EJB objects from remote views before the security exception is thrown. Published: July 27, 2004; 12:00:00 AM -0400 |
V3.x:(not available) V2.0: 6.4 MEDIUM |
CVE-2004-1758 |
BEA WebLogic Server and WebLogic Express version 8.1 up to SP2, 7.0 up to SP4, and 6.1 up to SP6 may store the database username and password for an untargeted JDBC connection pool in plaintext in config.xml, which allows local users to gain privileges. Published: April 13, 2004; 12:00:00 AM -0400 |
V3.x:(not available) V2.0: 4.6 MEDIUM |
CVE-2003-1290 |
BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, with RMI and anonymous admin lookup enabled, allows remote attackers to obtain configuration information by accessing MBeanHome via the Java Naming and Directory Interface (JNDI). Published: December 31, 2003; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |