CVE Tools

bea systems

Unclassifiedunknown

14

Cumulative CVEs

3

Monthly snapshots

#6

Peak rank

Top products

weblogic server1

Latest CVEs

The 14 most recently published vulnerabilities affecting bea systems.

CVE-2010-2375Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, ...6.4Jul 13, 2010
CVE-2008-3257Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long H...10.0Jul 22, 2008
CVE-2008-0904Unspecified vulnerability in the download servlet in BEA Plumtree Collaboration 4.1 through SP2 and AquaLogic Interaction 4.2 through MP1 allows remote attackers to read arbitrary files via a craft...7.8Feb 22, 2008
CVE-2008-0903Unspecified vulnerability in the BEA WebLogic Server and Express proxy plugin, as distributed before November 2007 and before 9.2 MP3 and 10.0 MP2, allows remote attackers to cause a denial of serv...4.3Feb 22, 2008
CVE-2008-0902Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and Express 6.1 through 10.0 MP1 allow remote attackers to inject arbitrary web script or HTML via unspecified samples. N...4.3Feb 22, 2008
CVE-2008-0901BEA WebLogic Server and Express 7.0 through 10.0 allows remote attackers to conduct brute force password guessing attacks, even when account lockout has been activated, via crafted URLs that indica...7.1Feb 22, 2008
CVE-2008-0900Session fixation vulnerability in BEA WebLogic Server and Express 8.1 SP4 through SP6, 9.2 through MP1, and 10.0 allows remote authenticated users to hijack web sessions via unknown vectors.6.0Feb 22, 2008
CVE-2008-0896BEA WebLogic Portal 10.0 and 9.2 through MP1, when an administrator deletes a single instance of a content portlet, removes entitlement policies for other content portlets, which allows attackers t...4.9Feb 22, 2008
CVE-2008-0870BEA WebLogic Portal 10.0 and 9.2 through Maintenance Pack 2, under certain circumstances, can redirect a user from the https:// URI for the Portal Administration Console to an http URI, which allow...7.5Feb 21, 2008
CVE-2008-0869Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via a "fr...4.3Feb 21, 2008
CVE-2008-0868Cross-site scripting (XSS) vulnerability in Groupspace in BEA WebLogic Portal 10.0 and 9.2 through Maintenance Pack 1 allows remote authenticated users to inject arbitrary web script or HTML via un...4.3Feb 21, 2008
CVE-2008-0867Cross-site scripting (XSS) vulnerability in portal/server.pt in BEA AquaLogic Interaction 6.1 through MP1 and Plumtree Foundation 6.0 through SP1 allows remote attackers to inject arbitrary web scr...4.3Feb 21, 2008
CVE-2008-0865Unspecified vulnerability in BEA WebLogic Portal 8.1 through SP6 allows remote attackers to bypass entitlements for instances of a floatable WLP portlet via unknown vectors.5.0Feb 21, 2008
CVE-2008-0864Admin Tools in BEA WebLogic Portal 8.1 SP3 through SP6 can inadvertently remove entitlements for pages when an administrator edits the page definition label, which might allow remote attackers to b...5.0Feb 21, 2008