Home/Product/oracle weblogic server
Product

oracle weblogic server

457 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-34315
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions tha
6.5MEDIUM
 CVE-2026-34305
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions tha
7.5HIGH
 CVE-2026-34292
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are af
7.2HIGH
 CVE-2025-61764
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are af
5.3MEDIUM
 CVE-2025-61752
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are af
7.5HIGH
 CVE-2025-50073
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Container). Supported versions th
6.1MEDIUM
 CVE-2025-50072
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are af
4.0MEDIUM
 CVE-2025-50064
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are af
4.8MEDIUM
 CVE-2025-30762
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are af
7.5HIGH
 CVE-2025-30753
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are af
6.5MEDIUM
 CVE-2025-21549
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). The supported version that is
7.5HIGH
 CVE-2025-21535
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are af
9.8CRITICAL
 CVE-2024-21274
>= 12.2.1.4.0 and <= 14.1.1.0.0
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are
7.5HIGH
 CVE-2024-21260
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are af
7.5HIGH
 CVE-2024-21234
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are af
7.5HIGH
 CVE-2024-21216
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are af
9.8CRITICAL
 CVE-2024-21183
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are af
7.5HIGH
 CVE-2024-21182
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are af
7.5HIGH
 CVE-2024-21181
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are af
9.8CRITICAL
 CVE-2024-21175
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are af
7.5HIGH
 CVE-2024-21007
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are af
7.5HIGH
 CVE-2024-21006
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are af
7.5HIGH
 CVE-2024-20986
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are af
6.1MEDIUM
 CVE-2024-20931
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are af
7.5HIGH
 CVE-2024-20927
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are af
8.6HIGH
 CVE-2023-22108
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are af
7.5HIGH
 CVE-2023-22101
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are af
8.1HIGH
 CVE-2023-22089
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are af
9.8CRITICAL
 CVE-2023-22086
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are af
7.5HIGH
 CVE-2023-22072
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). The supported version that is
9.8CRITICAL
 CVE-2023-22069
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are af
9.8CRITICAL
 CVE-2023-22040
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are af
6.5MEDIUM
 CVE-2023-22031
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are af
4.4MEDIUM
 CVE-2023-21996
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions tha
7.5HIGH
 CVE-2023-21979
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are af
7.5HIGH
 CVE-2023-21964
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are af
7.5HIGH
 CVE-2023-21960
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are af
5.6MEDIUM
 CVE-2023-21956
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Container). Supported versions th
6.1MEDIUM
 CVE-2023-21931
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are af
7.5HIGH
 CVE-2023-21842
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Container). Supported versions th
7.5HIGH
 CVE-2023-21841
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are af
7.5HIGH
 CVE-2023-21839
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are af
7.5HIGH
 CVE-2023-21838
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are af
7.5HIGH
 CVE-2023-21837
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are af
7.5HIGH
 CVE-2022-21616
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Container). Supported versions tha
5.2MEDIUM
 CVE-2022-21564
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that
5.3MEDIUM
 CVE-2022-21560
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are aff
5.3MEDIUM
 CVE-2022-21557
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Container). Supported versions tha
5.7MEDIUM
 CVE-2022-21548
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are aff
6.5MEDIUM
 CVE-2022-24891
all versions
ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. Prior to version 2.3.0
5.4MEDIUM
 CVE-2022-23457
all versions
ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. Prior to version 2.3.0
7.5HIGH
 CVE-2022-29577
all versions
OWASP AntiSamy before 1.6.7 allows XSS via HTML tag smuggling on STYLE content with crafted input. The output serializer does not
6.1MEDIUM
 CVE-2022-21453
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are
6.1MEDIUM
 CVE-2022-21441
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are aff
7.5HIGH
 CVE-2022-24839
all versions
org.cyberneko.html is an html parser written in Java. The fork of org.cyberneko.html used by Nokogiri (Rubygem) raises a `java.l
7.5HIGH
 CVE-2022-22965
all versions
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. Th
9.8CRITICAL
 CVE-2020-36518
all versions
jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.
7.5HIGH
 CVE-2022-23437
all versions
There's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads.
6.5MEDIUM
 CVE-2022-21386
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Container). Supported versions tha
6.1MEDIUM
 CVE-2022-21371
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Container). Supported versions tha
7.5HIGH
 CVE-2022-21361
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Sample apps). Supported versions that
6.1MEDIUM
 CVE-2022-21353
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are aff
6.5MEDIUM
 CVE-2022-21350
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are aff
6.5MEDIUM
 CVE-2022-21347
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are aff
6.5MEDIUM
 CVE-2022-21306
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are aff
9.8CRITICAL
 CVE-2022-21292
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Samples). Supported versions that are
7.5HIGH
 CVE-2022-21262
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Samples). Supported versions that are
6.1MEDIUM
 CVE-2022-21261
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Samples). Supported versions that are
6.1MEDIUM
 CVE-2022-21260
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Samples). Supported versions that are
6.1MEDIUM
 CVE-2022-21259
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Samples). Supported versions that are
6.1MEDIUM
 CVE-2022-21258
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Samples). The supported version that i
6.1MEDIUM
 CVE-2022-21257
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Samples). Supported versions that are
6.1MEDIUM
 CVE-2022-21252
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Samples). Supported versions that are
6.5MEDIUM
 CVE-2022-23307
all versions
CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a compon
8.8HIGH
 CVE-2022-23305
all versions
By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted a
9.8CRITICAL
 CVE-2022-23302
all versions
JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the
8.8HIGH
 CVE-2021-44832
all versions
Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code
6.6MEDIUM
 CVE-2021-45105
all versions
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from sel
5.9MEDIUM
 CVE-2021-23450
all versions
All versions of package dojo are vulnerable to Prototype Pollution via the setObject function.
7.5HIGH
 CVE-2021-4104
all versions
JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j config
7.5HIGH
 CVE-2021-41184
all versions
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the of option of the `.
6.5MEDIUM
 CVE-2021-41183
all versions
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various *Text options o
6.5MEDIUM
 CVE-2021-41182
all versions
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the altField option of
6.5MEDIUM
 CVE-2021-35620
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are aff
7.5HIGH
 CVE-2021-35617
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Coherence Container). Supported versio
9.8CRITICAL
 CVE-2021-35552
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Diagnostics). Supported versions that
5.3MEDIUM
 CVE-2021-40690
all versions
All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureVali
7.5HIGH
 CVE-2021-2403
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are aff
5.3MEDIUM
 CVE-2021-2397
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are aff
9.8CRITICAL
 CVE-2021-2394
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are aff
9.8CRITICAL
 CVE-2021-2382
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Security). Supported versions that are
9.8CRITICAL
 CVE-2021-2378
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are aff
7.5HIGH
 CVE-2021-2376
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that
7.5HIGH
 CVE-2021-2351
all versions
Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1
8.3HIGH
 CVE-2021-28170
all versions
In the Jakarta Expression Language implementation 3.0.3 and earlier, a bug in the ELParserTokenManager enables invalid EL expressi
5.3MEDIUM
 CVE-2021-2294
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are aff
6.5MEDIUM
 CVE-2021-2214
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are
4.4MEDIUM
 CVE-2021-2211
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that
5.9MEDIUM
 CVE-2021-2204
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are aff
5.3MEDIUM
 CVE-2021-2157
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: TopLink Integration). Supported versio
7.5HIGH
 CVE-2021-2142
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). The supported version that i
6.1MEDIUM
 CVE-2021-2136
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are aff
9.8CRITICAL
 CVE-2021-2135
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Coherence Container). Supported versio
9.8CRITICAL
 CVE-2021-29425
all versions
In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo",
4.8MEDIUM
 CVE-2021-3450
all versions
The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not
7.4HIGH
 CVE-2021-21350
all versions
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability w
5.3MEDIUM
 CVE-2021-21347
all versions
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability w
6.1MEDIUM
 CVE-2020-11987
all versions
Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By usi
8.2HIGH
 CVE-2021-27568
all versions
An issue was discovered in netplex json-smart-v1 through 2015-10-23 and json-smart-v2 through 2.4. An exception is thrown from a f
5.9MEDIUM
 CVE-2020-28491
all versions
This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and before 2.11.4, from 2.12.0-rc1 and be
7.5HIGH
 CVE-2021-2109
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are
7.2HIGH
 CVE-2021-2108
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core Components). The supported versio
9.8CRITICAL
 CVE-2021-2075
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Samples). Supported versions that are
9.8CRITICAL
 CVE-2021-2064
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core Components). The supported versio
9.8CRITICAL
 CVE-2021-2047
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core Components). Supported versions t
9.8CRITICAL
 CVE-2021-2033
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core Components). Supported versions t
4.3MEDIUM
 CVE-2021-2018
all versions
Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 18c
8.3HIGH
 CVE-2021-1996
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that
2.4LOW
 CVE-2021-1995
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that
6.5MEDIUM
 CVE-2021-1994
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that
9.8CRITICAL
 CVE-2020-8908
all versions
A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potent
3.3LOW
 CVE-2020-13956
all versions
Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed
5.3MEDIUM
 CVE-2020-14750
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are
9.8CRITICAL
 CVE-2020-14883
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are
7.2HIGH
 CVE-2020-14882
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are
9.8CRITICAL
 CVE-2020-14859
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are aff
9.8CRITICAL
 CVE-2020-14841
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are aff
9.8CRITICAL
 CVE-2020-14825
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are aff
9.8CRITICAL
 CVE-2020-14820
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are aff
7.5HIGH
 CVE-2020-14757
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). The supported version t
6.8MEDIUM
 CVE-2020-5421
all versions
In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the pr
6.5MEDIUM
 CVE-2020-2967
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that
7.5HIGH
 CVE-2020-2966
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are
5.4MEDIUM
 CVE-2020-14687
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are aff
9.8CRITICAL
 CVE-2020-14652
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are aff
6.5MEDIUM
 CVE-2020-14645
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are aff
9.8CRITICAL
 CVE-2020-14644
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are aff
9.8CRITICAL
 CVE-2020-14640
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Sample apps). Supported versions that
6.1MEDIUM
 CVE-2020-14639
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Sample apps). Supported versions that
7.5HIGH
 CVE-2020-14638
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Sample apps). Supported versions that
6.1MEDIUM
 CVE-2020-14637
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Sample apps). Supported versions that
6.1MEDIUM
 CVE-2020-14636
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Sample apps). Supported versions that
6.1MEDIUM
 CVE-2020-14625
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are aff
9.8CRITICAL
 CVE-2020-14622
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are aff
4.9MEDIUM
 CVE-2020-14589
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Container). Supported versions tha
7.5HIGH
 CVE-2020-14588
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Container). Supported versions tha
8.2HIGH
 CVE-2020-14572
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are
6.1MEDIUM
 CVE-2020-14557
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Container). Supported versions tha
6.8MEDIUM
 CVE-2020-10693
all versions
A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expre
5.3MEDIUM
 CVE-2020-11022
all versions
In jQuery starting with 1.12.0 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery
6.9MEDIUM
 CVE-2020-11023
all versions
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sourc
6.9MEDIUM
 CVE-2020-9488
all versions
Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be in
3.7LOW
 CVE-2020-2963
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that
7.2HIGH
 CVE-2020-2934
all versions
Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8
5.0MEDIUM
 CVE-2020-2884
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are aff
9.8CRITICAL
 CVE-2020-2883
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are aff
9.8CRITICAL
 CVE-2020-2869
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are
4.3MEDIUM
 CVE-2020-2867
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Container). Supported versions tha
8.2HIGH
 CVE-2020-2829
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Management Services). The supported ve
4.9MEDIUM
 CVE-2020-2828
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Web Services). The supported versi
7.5HIGH
 CVE-2020-2811
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are
6.1MEDIUM
 CVE-2020-2801
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are aff
9.8CRITICAL
 CVE-2020-2798
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Web Services). Supported versions
7.2HIGH
 CVE-2020-2766
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are
5.3MEDIUM
 CVE-2020-11620
all versions
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org
8.1HIGH
 CVE-2020-11619
all versions
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org
8.1HIGH
 CVE-2020-11113
all versions
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org
8.8HIGH
 CVE-2020-11112
all versions
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org
8.8HIGH
 CVE-2020-11111
all versions
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org
8.8HIGH
 CVE-2020-10969
all versions
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to jav
8.8HIGH
 CVE-2020-10968
all versions
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org
8.8HIGH
 CVE-2020-10673
all versions
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com
8.8HIGH
 CVE-2020-10672
all versions
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org
8.8HIGH
 CVE-2020-5258
all versions
In affected versions of dojo (NPM package), the deepCopy method is vulnerable to Prototype Pollution. Prototype Pollution refers t
7.7HIGH
 CVE-2020-9548
all versions
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.
9.8CRITICAL
 CVE-2020-9547
all versions
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com
9.8CRITICAL
 CVE-2020-9546
all versions
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org
9.8CRITICAL
 CVE-2020-7226
all versions
CiphertextHeader.java in Cryptacular 1.2.3, as used in Apereo CAS and other products, allows attackers to trigger excessive memory
7.5HIGH
 CVE-2020-5397
all versions
Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring
5.3MEDIUM
 CVE-2020-5398
all versions
In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an applica
7.5HIGH
 CVE-2020-2552
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Core Components). Supported versio
4.8MEDIUM
 CVE-2020-2551
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Core Components). Supported versio
9.8CRITICAL
 CVE-2020-2550
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Core Components). Supported versio
5.1MEDIUM
 CVE-2020-2549
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Core Components). The supported ve
7.2HIGH
 CVE-2020-2548
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Core Components). The supported ve
4.8MEDIUM
 CVE-2020-2547
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are
4.8MEDIUM
 CVE-2020-2546
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Application Container - JavaEE). Suppo
9.8CRITICAL
 CVE-2020-2544
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are
4.3MEDIUM
 CVE-2020-2519
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are
4.3MEDIUM
 CVE-2019-20330
all versions
FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking.
9.8CRITICAL
 CVE-2019-17571
all versions
Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to re
9.8CRITICAL
 CVE-2019-10219
all versions
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting
6.1MEDIUM
 CVE-2019-2891
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are
8.1HIGH
 CVE-2019-2890
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that
7.2HIGH
 CVE-2019-2889
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Sample apps). The supported version th
6.1MEDIUM
 CVE-2019-2888
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: EJB Container). Supported versions tha
5.3MEDIUM
 CVE-2019-2887
all versions
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that
4.3MEDIUM
 CVE-2019-17195
all versions
Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an applica
9.8CRITICAL
 CVE-2019-17531
all versions
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (eith
9.8CRITICAL
 CVE-2019-17359
all versions
The ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.63 can trigger a large attempted memory allocation, and resultant OutOfMe
7.5HIGH
 CVE-2019-17267
all versions
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to net.sf.ehcache.hibernate.E
9.8CRITICAL
 CVE-2019-16943
all versions
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (eith
9.8CRITICAL
 CVE-2019-16942
all versions
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (eith
9.8CRITICAL
 CVE-2019-3740
all versions
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Information Exposure Through Timing Discrepancy vulnerabilities du
6.5MEDIUM
 CVE-2019-3739
all versions
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to Information Exposure Through Timing Discrepancy vulnerabilities durin
6.5MEDIUM
 CVE-2019-16335
all versions
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDa
9.8CRITICAL
 CVE-2019-14540
all versions
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariCo
9.8CRITICAL
 CVE-2019-12400
all versions
In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents
5.5MEDIUM
 CVE-2019-10086
all versions
In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker
7.3HIGH
 CVE-2019-2856
all versions
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Application Container - JavaEE).
9.8CRITICAL
 CVE-2019-2827
all versions
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported v
5.5MEDIUM
 CVE-2019-2824
all versions
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported v
5.5MEDIUM
 CVE-2019-2729
all versions
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions
9.8CRITICAL
 CVE-2019-2725
all versions
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions
9.8CRITICAL
 CVE-2019-2658
all versions
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported v
9.8CRITICAL
 CVE-2019-2650
all versions
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). Supported ve
7.5HIGH
 CVE-2019-2649
all versions
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). Supported ve
7.5HIGH
 CVE-2019-2648
all versions
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). Supported ve
7.5HIGH
 CVE-2019-2647
all versions
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). Supported ve
7.5HIGH
 CVE-2019-2646
all versions
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: EJB Container). Supported version
9.8CRITICAL
 CVE-2019-2645
all versions
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported v
9.8CRITICAL
 CVE-2019-2618
all versions
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported v
5.5MEDIUM
 CVE-2019-2615
all versions
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported v
4.9MEDIUM
 CVE-2019-2568
all versions
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported v
5.0MEDIUM
 CVE-2019-11358
all versions
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Objec
6.1MEDIUM
 CVE-2019-2452
all versions
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported v
6.7MEDIUM
 CVE-2019-2441
all versions
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Application Container - JavaEE).
5.3MEDIUM
 CVE-2019-2418
all versions
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported v
6.5MEDIUM
 CVE-2019-2398
all versions
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Deployment). Supported vers
4.3MEDIUM
 CVE-2019-2395
all versions
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). The supporte
5.4MEDIUM
 CVE-2018-15756
all versions
Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on t
7.5HIGH
 CVE-2018-3252
all versions
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported v
9.8CRITICAL
 CVE-2018-3250
all versions
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). The supporte
6.1MEDIUM
 CVE-2018-3249
all versions
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). The supporte
6.5MEDIUM
 CVE-2018-3248
all versions
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). The supporte
6.5MEDIUM
 CVE-2018-3246
all versions
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). Supported ve
7.5HIGH
 CVE-2018-3245
all versions
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported v
9.8CRITICAL
 CVE-2018-3213
< 12.2.1.3.0
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Docker Images). The supported ver
7.5HIGH
 CVE-2018-3201
all versions
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). The support
9.8CRITICAL
 CVE-2018-3197
all versions
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). The support
9.8CRITICAL
 CVE-2018-3191
all versions
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported v
9.8CRITICAL
 CVE-2018-2902
all versions
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Console). Supported versions that
4.3MEDIUM
 CVE-2018-11771
all versions
When reading a specially crafted ZIP archive, the read method of Apache Commons Compress 1.7 to 1.17's ZipArchiveInputStream can f
5.5MEDIUM
 CVE-2018-2933
all versions
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported v
4.9MEDIUM
 CVE-2018-2998
all versions
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: SAML). Supported versions that ar
5.4MEDIUM
 CVE-2018-2987
all versions
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Console). Supported versions that
6.1MEDIUM
 CVE-2018-2935
all versions
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: JSF). Supported versions that are
8.3HIGH
 CVE-2018-2894
all versions
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). Supported ve
9.8CRITICAL
 CVE-2018-2893
all versions
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported v
9.8CRITICAL
 CVE-2018-1000613
all versions
Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-47
9.8CRITICAL
 CVE-2018-11040
all versions
Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications
7.5HIGH
 CVE-2018-11039
all versions
Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applica
5.9MEDIUM
 CVE-2018-1000180
all versions
Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair genera
7.5HIGH
 CVE-2018-1258
all versions
Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when
8.8HIGH
 CVE-2018-1257
all versions
Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows application
6.5MEDIUM
 CVE-2018-1313
all versions
In Apache Derby 10.3.1.4 to 10.14.1.0, a specially-crafted network packet can be used to request the Derby Network Server to boot
5.3MEDIUM
 CVE-2018-10237
all versions
Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service a
5.9MEDIUM
 CVE-2018-2628
all versions
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported v
9.8CRITICAL
 CVE-2018-1324
all versions
A specially crafted ZIP archive can be used to cause an infinite loop inside of Apache Commons Compress' extra field parser used b
5.5MEDIUM
 CVE-2015-9251
all versions
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the
6.1MEDIUM
 CVE-2018-2625
all versions
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions
5.3MEDIUM
 CVE-2017-15707
all versions
In Apache Struts 2.5 to 2.5.14, the REST Plugin is using an outdated JSON-lib library which is vulnerable and allow perform a DoS
6.2MEDIUM
 CVE-2016-8610
all versions
A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol define
7.5HIGH
 CVE-2017-10352
all versions
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). The supporte
9.9CRITICAL
 CVE-2017-10336
all versions
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Container). Supported version
5.3MEDIUM
 CVE-2017-10334
all versions
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Container). Supported version
4.3MEDIUM
 CVE-2017-10271
all versions
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Security). Supported versions
7.5HIGH
 CVE-2017-10152
all versions
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Container). Supported version
6.5MEDIUM
 CVE-2017-10178
all versions
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Container). Supported version
6.1MEDIUM
 CVE-2017-10148
all versions
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Core Components). Supported versi
5.8MEDIUM
 CVE-2017-10147
all versions
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Core Components). Supported versi
8.6HIGH
 CVE-2017-10137
all versions
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: JNDI). Supported versions that ar
10.0CRITICAL
 CVE-2017-10123
all versions
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Container). The supported ver
4.3MEDIUM
 CVE-2017-10063
all versions
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions
4.8MEDIUM
 CVE-2017-3531
all versions
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Servlet Runtime). Supported versi
7.2HIGH
 CVE-2017-3506
all versions
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions
7.4HIGH
 CVE-2017-5645
all versions
In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from anot
9.8CRITICAL
 CVE-2016-7103
all versions
Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or
6.1MEDIUM
 CVE-2017-5638
all versions
The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and
9.8CRITICAL
 CVE-2017-3248
all versions
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Core Components). Supported versi
9.8CRITICAL
 CVE-2016-5601
all versions
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 12.1.3.0, 12.2.1.0, and 12.2.1.1 all
6.3MEDIUM
 CVE-2016-5535
all versions
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.3.0, 12.2.1.0, and 12
9.8CRITICAL
 CVE-2016-5531
all versions
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.3.0, and 12.2.1.0 all
9.8CRITICAL
 CVE-2016-5488
all versions
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0 and 12.1.3.0 allows remote
5.3MEDIUM
 CVE-2016-3551
all versions
Unspecified vulnerability in the Oracle Web Services component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, 12.1.3.0.0, and
9.8CRITICAL
 CVE-2016-3505
all versions
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.3.0, and 12.2.1.0 all
8.8HIGH
 CVE-2016-3586
all versions
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.3.0, and 12.2.1.0 all
9.8CRITICAL
 CVE-2016-3510
all versions
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.3.0, and 12.2.1.0 all
9.8CRITICAL
 CVE-2016-3499
all versions
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 12.1.3.0 and 12.2.1.0 allows remote
9.8CRITICAL
 CVE-2016-3445
all versions
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0 and 12.1.3.0 allows remote
5.3MEDIUM
 CVE-2016-3416
all versions
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6, 12.1.2, 12.1.3, and 12.2.1 a
6.1MEDIUM
 CVE-2016-0700
all versions
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6, 12.1.2, and 12.1.3 allows re
6.1MEDIUM
 CVE-2016-0696
all versions
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6 allows remote attackers to af
5.4MEDIUM
 CVE-2016-0688
all versions
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6, 12.1.2, and 12.1.3 allows re
3.7LOW
 CVE-2016-0675
all versions
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6, 12.1.2, and 12.1.3 allows re
6.1MEDIUM
 CVE-2016-0638
all versions
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6, 12.1.2, 12.1.3, and 12.2.1 a
9.8CRITICAL
 CVE-2016-0577
all versions
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6, 12.1.2, 12.1.3, and 12.2.1 a
 CVE-2016-0574
all versions
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6, 12.1.2, 12.1.3, and 12.2.1 a
 CVE-2016-0573
all versions
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6, 12.1.2, 12.1.3, and 12.2.1 a
 CVE-2016-0572
all versions
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6, 12.1.2, 12.1.3, and 12.2.1 a
 CVE-2015-4852
all versions
The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to execute
9.8CRITICAL
 CVE-2010-4453
all versions
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 7.0.7, 8.1.6, 9.0, 9.1, 9.2.4, 10.0.
 CVE-2010-2375
all versions
Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracl
 CVE-2010-0073
all versions
Unspecified vulnerability in the WebLogic Server in Oracle WebLogic Server 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, and 10.3
 CVE-2008-3257
<= 10.3
Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and ear
 CVE-2008-2579
all versions
Unspecified vulnerability in the WebLogic Server Plugins for Apache, Sun and IIS web servers component in Oracle BEA Product Suite
 CVE-2008-2578
all versions
Unspecified vulnerability in the WebLogic Server component in Oracle BEA Product Suite 10.0 and 9.2 MP1 has unknown impact and loc
 CVE-2008-2577
all versions
Unspecified vulnerability in the WebLogic Server component in Oracle BEA Product Suite 9.2 MP1 has unknown impact and remote authe
 CVE-2008-2576
all versions
Unspecified vulnerability in the WebLogic Server component in Oracle BEA Product Suite 9.2, 9.1, 9.0, and 8.1 SP6 has unknown impa
 CVE-2008-0903
<= 10.0
Unspecified vulnerability in the BEA WebLogic Server and Express proxy plugin, as distributed before November 2007 and before 9.2
 CVE-2008-0902
all versions
Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and Express 6.1 through 10.0 MP1 allow remote attackers
 CVE-2008-0901
all versions
BEA WebLogic Server and Express 7.0 through 10.0 allows remote attackers to conduct brute force password guessing attacks, even wh
 CVE-2008-0900
all versions
Session fixation vulnerability in BEA WebLogic Server and Express 8.1 SP4 through SP6, 9.2 through MP1, and 10.0 allows remote aut
 CVE-2008-0899
all versions
Cross-site scripting (XSS) vulnerability in the Administration Console in BEA WebLogic Server and Express 9.0 through 10.0 allows
 CVE-2008-0898
all versions
The distributed queue feature in JMS in BEA WebLogic Server 9.0 through 10.0, in certain configurations, does not properly handle
 CVE-2008-0897
all versions
Unspecified vulnerability in BEA WebLogic Server 9.0 through 10.0 allows remote authenticated users without "receive" permissions
 CVE-2008-0895
all versions
BEA WebLogic Server and WebLogic Express 6.1 through 10.0 allows remote attackers to bypass authentication for application servlet
 CVE-2008-0869
all versions
Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allow
 CVE-2008-0863
all versions
BEA WebLogic Server and WebLogic Express 9.0 and 9.1 exposes the web service's WSDL and security policies, which allows remote att
 CVE-2007-5576
all versions
BEA Tuxedo 8.0 before RP392 and 8.1 before RP293, and WebLogic Enterprise 5.1 before RP174, echo the password in cleartext, which
 CVE-2007-4618
all versions
Unspecified vulnerability in BEA WebLogic Server 6.1 Gold through SP7 and 7.0 Gold through SP7 allows remote attackers to cause a
 CVE-2007-4617
all versions
Unspecified vulnerability in BEA WebLogic Server 6.1 Gold through SP7, 7.0 Gold through SP7, and 8.1 Gold through SP4 allows remot
 CVE-2007-4616
all versions
The SSL server implementation in BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP1, a
 CVE-2007-4615
<= 9.2
The SSL client implementation in BEA WebLogic Server 7.0 SP7, 8.1 SP2 through SP6, 9.0, 9.1, 9.2 Gold through MP2, and 10.0 someti
 CVE-2007-4614
all versions
BEA WebLogic Server 9.1 does not properly handle propagation of an admin server's security policy change log to temporarily unavai
 CVE-2007-4613
all versions
SSL libraries in BEA WebLogic Server 6.1 Gold through SP7, 7.0 Gold through SP7, and 8.1 Gold through SP5 might allow remote attac
 CVE-2007-2704
all versions
BEA WebLogic Server 9.0 through 9.2 allows remote attackers to cause a denial of service (SSL port unavailability) by accessing a
 CVE-2007-2701
all versions
The JMS Message Bridge in BEA WebLogic Server 7.0 through SP7 and 8.1 through Service Pack 6, when configured without a username a
 CVE-2007-2700
all versions
The WLST script generated by the configToScript command in BEA WebLogic Express and WebLogic Server 9.0 and 9.1 does not encrypt c
 CVE-2007-2699
all versions
The Administration Console in BEA WebLogic Express and WebLogic Server 9.0 and 9.1 does not properly enforce certain Domain Securi
 CVE-2007-2698
all versions
The Administration Console in BEA WebLogic Server 9.0 may show plaintext Web Service attributes during configuration creation, whi
 CVE-2007-2697
all versions
The embedded LDAP server in BEA WebLogic Express and WebLogic Server 7.0 through SP6, 8.1 through SP5, 9.0, and 9.1, when in certa
 CVE-2007-2696
all versions
The JMS Server in BEA WebLogic Server 6.1 through SP7, 7.0 through SP6, and 8.1 through SP5 enforces security access policies on t
 CVE-2007-2695
all versions
The HttpClusterServlet and HttpProxyServlet in BEA WebLogic Express and WebLogic Server 6.1 through SP7, 7.0 through SP7, 8.1 thro
 CVE-2007-2694
all versions
Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Express and WebLogic Server 6.1 through SP7, 7.0 through SP7,
 CVE-2007-0425
<= 8.1
Unspecified vulnerability in BEA WebLogic Platform and Server 8.1 through 8.1 SP5, and JRockit 1.4.2 R4.5 and earlier, allows atta
 CVE-2007-0424
all versions
Unspecified vulnerability in the BEA WebLogic Server proxy plug-in for Netscape Enterprise Server before September 2006 for Netsca
 CVE-2007-0422
all versions
BEA WebLogic Server 9.0, 9.1, and 9.2 Gold, when running on Solaris 9, allows remote attackers to cause a denial of service (serve
 CVE-2007-0421
all versions
BEA WebLogic Server 6.1 through 6.1 SP7, and 7.0 through 7.0 SP7 allows remote attackers to cause a denial of service (disk consum
 CVE-2007-0420
all versions
BEA WebLogic Server 9.0, 9.1, and 9.2 Gold allows remote attackers to obtain sensitive information via malformed HTTP requests, wh
 CVE-2007-0419
all versions
The BEA WebLogic Server proxy plug-in before June 2006 for the Apache HTTP Server does not properly handle protocol errors, which
 CVE-2007-0418
<= 8.1
BEA WebLogic Server 7.0 through 7.0 SP6, 8.1 through 8.1 SP5, 9.0, and 9.1 does not enforce a security policy that declares permis
 CVE-2007-0417
<= 7.0
BEA WebLogic Server 7.0 through 7.0 SP7, 8.1 through 8.1 SP5, 9.0, and 9.1, when using the WebLogic Server 6.1 compatibility realm
 CVE-2007-0416
all versions
The WSEE runtime (WS-Security runtime) in BEA WebLogic Server 9.0 and 9.1 does not verify credentials when decrypting client messa
 CVE-2007-0415
<= 8.1
BEA WebLogic Server 8.1 through 8.1 SP5 does not properly enforce access control after a dynamic update and dynamic redeployment o
 CVE-2007-0414
<= 8.1
BEA WebLogic Server 6.1 through 6.1 SP7, 7.0 through 7.0 SP6, 8.1 through 8.1 SP5, and 9.0 allows remote attackers to cause a deni
 CVE-2007-0413
<= 8.1
BEA WebLogic Server 8.1 through 8.1 SP5 stores cleartext data in a backup of config.xml after offline editing, which allows local
 CVE-2007-0412
all versions
BEA WebLogic Server 6.1 through 6.1 SP7, 7.0 through 7.0 SP7, and 8.1 through 8.1 SP5 allows remote attackers to read arbitrary fi
 CVE-2007-0411
<= 8.1
BEA WebLogic Server 8.1 through 8.1 SP5, 9.0, 9.1, and 9.2 Gold, when WS-Security is used, does not properly validate certificates
 CVE-2007-0410
all versions
Unspecified vulnerability in the thread management in BEA WebLogic 7.0 through 7.0 SP6, 8.1 through 8.1 SP5, 9.0, and 9.1, when T3
 CVE-2007-0409
<= 8.1
BEA WebLogic 7.0 through 7.0 SP6, 8.1 through 8.1 SP4, and 9.0 initial release does not encrypt passwords stored in the JDBCDataSo
 CVE-2007-0408
<= 8.1
BEA Weblogic Server 8.1 through 8.1 SP4 does not properly validate client certificates when reusing cached connections, which allo
 CVE-2006-2546
all versions
A recommended admin password reset mechanism for BEA WebLogic Server 8.1, when followed before October 10, 2005, causes the admini
 CVE-2006-2472
all versions
Unspecified vulnerability in BEA WebLogic Server 9.1 and 9.0, 8.1 through SP5, 7.0 through SP6, and 6.1 through SP7 allows untrust
 CVE-2006-2471
all versions
Multiple vulnerabilities in BEA WebLogic Server 8.1 through SP4, 7.0 through SP6, and 6.1 through SP7 leak sensitive information t
 CVE-2006-2470
all versions
Unspecified vulnerability in the WebLogic Server Administration Console for BEA WebLogic Server 9.0 prevents the console from sett
 CVE-2006-2469
all versions
The HTTP handlers in BEA WebLogic Server 9.0, 8.1 up to SP5, 7.0 up to SP6, and 6.1 up to SP7 stores the username and password in
 CVE-2006-2468
all versions
The WebLogic Server Administration Console in BEA WebLogic Server 8.1 up to SP4 and 7.0 up to SP6 displays the domain name in the
 CVE-2006-2467
all versions
BEA WebLogic Server 8.1 up to SP4, 7.0 up to SP6, and 6.1 up to SP7 displays the internal IP address of the WebLogic server in the
 CVE-2006-2466
all versions
BEA WebLogic Server 8.1 up to SP4 and 7.0 up to SP6 allows remote attackers to obtain the source code of JSP pages during certain
 CVE-2006-2464
all versions
stopWebLogic.sh in BEA WebLogic Server 8.1 before Service Pack 4 and 7.0 before Service Pack 6 displays the administrator password
 CVE-2006-2462
all versions
BEA WebLogic Server 8.1 before Service Pack 4 and 7.0 before Service Pack 6, may send sensitive data over non-secure channels when
 CVE-2006-2461
all versions
BEA WebLogic Server before 8.1 Service Pack 4 does not properly set the Quality of Service in certain circumstances, which prevent
 CVE-2006-1352
all versions
BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 and earlier, and WebLogic Server 6.1 SP7 and earlier allow r
 CVE-2006-1351
all versions
BEA WebLogic Server 6.1 SP7 and earlier allows remote attackers to read arbitrary files via unknown attack vectors related to a "d
 CVE-2006-0432
all versions
Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 9.0, when an Administrator uses the WebLogic Administration
 CVE-2006-0431
all versions
Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 8.1 SP5 allows untrusted applications to obtain the server's
 CVE-2006-0430
all versions
Certain configurations of BEA WebLogic Server and WebLogic Express 9.0, 8.1 through SP5, and 7.0 through SP6, when connection filt
 CVE-2006-0429
all versions
BEA WebLogic Server and WebLogic Express 9.0 causes new security providers to appear active even if they have not been activated b
 CVE-2006-0427
all versions
Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 9.0 and 8.1 through SP5 allows malicious EJBs or servlet app
 CVE-2006-0426
all versions
BEA WebLogic Server and WebLogic Express 8.1 through SP4, when configuration auditing is enabled and a password change occurs, sto
 CVE-2006-0424
all versions
BEA WebLogic Server and WebLogic Express 8.1 through SP4, 7.0 through SP6, and 6.1 through SP7 allows remote authenticated guest u
 CVE-2006-0422
all versions
Multiple unspecified vulnerabilities in BEA WebLogic Server and WebLogic Express 8.1 through SP4, 7.0 through SP6, and 6.1 through
 CVE-2006-0421
all versions
By design, BEA WebLogic Server and WebLogic Express 7.0 and 6.1, when creating multiple domains from the same WebLogic instance on
 CVE-2006-0420
all versions
BEA WebLogic Server and WebLogic Express 8.1 through SP4 and 7.0 through SP6 does not properly handle when servlets use relative f
 CVE-2006-0419
all versions
BEA WebLogic Server and WebLogic Express 9.0, 8.1 through SP5, and 7.0 through SP6 allows anonymous binds to the embedded LDAP ser
 CVE-2005-4767
all versions
BEA WebLogic Server and WebLogic Express 8.1 SP5 and earlier, and 7.0 SP6 and earlier, when using username/password authentication
 CVE-2005-4766
all versions
BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 SP5 and earlier, do not encrypt multicast traffic, which mig
 CVE-2005-4765
all versions
BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier and 7.0 SP6 and earlier, when using the weblogic.Deployer command wit
 CVE-2005-4764
all versions
BEA WebLogic Server and WebLogic Express 9.0, 8.1, and 7.0 lock out the admin user account after multiple incorrect password guess
 CVE-2005-4763
all versions
BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 and earlier, and 6.1 SP7 and earlier, when Internet Inter-OR
 CVE-2005-4762
all versions
BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 and earlier, and 6.1 SP7 and earlier sometimes stores the bo
 CVE-2005-4761
all versions
BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP5 and earlier, and 6.1 SP7 and earlier log the Java command li
 CVE-2005-4760
all versions
BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier, and 7.0 SP5 and earlier, when fullyDelegatedAuthorization is enabled
 CVE-2005-4759
all versions
BEA WebLogic Server and WebLogic Express 8.1 and 7.0, during a migration across operating system platforms, do not warn the admini
 CVE-2005-4758
all versions
Unspecified vulnerability in the Administration server in BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier allows remo
 CVE-2005-4757
all versions
BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier, and 7.0 SP5 and earlier, do not properly "constrain" a "/" (slash) s
 CVE-2005-4756
all versions
BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 SP5 and earlier, do not properly validate derived Principals
 CVE-2005-4755
all versions
BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier (1) stores the private key passphrase (CustomTrustKeyStorePassPhrase)
 CVE-2005-4754
all versions
BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier allow remote attackers to obtain sensitive information (intranet IP a
 CVE-2005-4753
all versions
BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 SP6 and earlier, in certain "heavy usage" scenarios, report
 CVE-2005-4752
all versions
BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 SP6 and earlier, might allow local users to gain privileges
 CVE-2005-4751
all versions
Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and WebLogic Express 9.0, 8.1 SP4 and earlier, 7.0 SP6
 CVE-2005-4750
all versions
BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP5 and earlier, and 6.1 SP7 and earlier allow remote attackers
 CVE-2005-4749
all versions
HTTP request smuggling vulnerability in BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 and earlier, and 6.1
 CVE-2005-4705
all versions
BEA WebLogic Server and WebLogic Express 8.1 through SP4, 7.0 through SP6, and 6.1 through SP7, when a Java client application cre
 CVE-2005-4704
all versions
Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 8.1 through SP3, 7.0 through SP6, and 6.1 through SP7, when
 CVE-2005-2092
all versions
BEA Systems WebLogic 8.1 SP1 allows remote attackers to poison the web cache, bypass web application firewall protection, and cond
 CVE-2005-1749
all versions
Buffer overflow in BEA WebLogic Server and WebLogic Express 6.1 Service Pack 4 allows remote attackers to cause a denial of servic
 CVE-2005-1748
all versions
The embedded LDAP server in BEA WebLogic Server and Express 8.1 through Service Pack 4, and 7.0 through Service Pack 5, allows rem
 CVE-2005-1747
all versions
Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and Express 8.1 through Service Pack 4, and 7.0 through
 CVE-2005-1746
all versions
The cluster cookie parsing code in BEA WebLogic Server 7.0 through Service Pack 5 attempts to contact any host or port specified i
 CVE-2005-1745
all versions
The UserLogin control in BEA WebLogic Portal 8.1 through Service Pack 3 prints the password to standard output when an incorrect l
 CVE-2005-1744
<= 7.0
BEA WebLogic Server and WebLogic Express 7.0 through Service Pack 5 does not log out users when an application is redeployed, whic
9.8CRITICAL
 CVE-2005-1743
all versions
BEA WebLogic Server and WebLogic Express 8.1 through Service Pack 3 and 7.0 through Service Pack 5 does not properly handle when a
 CVE-2005-1742
all versions
BEA WebLogic Server and WebLogic Express 8.1 SP2 and SP3 allows users with the Monitor security role to "shrink or reset JDBC conn
 CVE-2005-1380
all versions
Cross-site scripting (XSS) vulnerability in BEA Admin Console 8.1 allows remote attackers to execute arbitrary web script or HTML
 CVE-2005-0432
all versions
BEA WebLogic Server 7.0 Service Pack 5 and earlier, and 8.1 Service Pack 3 and earlier, generates different login exceptions that
 CVE-2004-2696
all versions
BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, when using Remote Method Invocation (RMI) over Internet Inter-ORB Prot
 CVE-2004-2424
all versions
BEA WebLogic Server and WebLogic Express 8.1 through 8.1 SP2 allow remote attackers to cause a denial of service (network port con
 CVE-2004-2321
all versions
BEA WebLogic Server and Express 8.1 SP1 and earlier allows local users in the Operator role to obtain administrator passwords via
 CVE-2004-2320
all versions
The default configuration of BEA WebLogic Server and Express 8.1 SP2 and earlier, 7.0 SP4 and earlier, 6.1 through SP6, and 5.1 th
5.3MEDIUM
 CVE-2004-1757
all versions
BEA WebLogic Server and Express 8.1, SP1 and earlier, stores the administrator password in cleartext in config.xml, which allows l
 CVE-2004-0652
all versions
BEA WebLogic Server and WebLogic Express 7.0 through 7.0 Service Pack 4, and 8.1 through 8.1 Service Pack 2, allows attackers to o
 CVE-2004-0204
all versions
Directory traversal vulnerability in the web viewers for Business Objects Crystal Reports 9 and 10, and Crystal Enterprise 9 or 10
 CVE-2004-0715
all versions
The WebLogic Authentication provider for BEA WebLogic Server and WebLogic Express 8.1 through SP2 and 7.0 through SP4 does not pro
 CVE-2004-0713
all versions
The remove method in a stateful Enterprise JavaBean (EJB) in BEA WebLogic Server and WebLogic Express version 8.1 through SP2, 7.0
 CVE-2004-0712
all versions
The configuration tools (1) config.sh in Unix or (2) config.cmd in Windows for BEA WebLogic Server 8.1 through SP2 create a log fi
 CVE-2004-0711
all versions
The URL pattern matching feature in BEA WebLogic Server 6.x matches illegal patterns ending in "*" as wildcards as if they were th
 CVE-2004-0471
all versions
BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1 through SP2 does not enforce site restrictions for starting and s
 CVE-2004-0470
all versions
BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1 through SP2, when editing weblogic.xml using WebLogic Builder or
 CVE-2004-1758
all versions
BEA WebLogic Server and WebLogic Express version 8.1 up to SP2, 7.0 up to SP4, and 6.1 up to SP6 may store the database username a
 CVE-2004-1756
all versions
BEA WebLogic Server and WebLogic Express 8.1 SP2 and earlier, and 7.0 SP4 and earlier, when using 2-way SSL with a custom trust ma
 CVE-2003-1438
all versions
Race condition in BEA WebLogic Server and Express 5.1 through 7.0.0.1, when using in-memory session replication or replicated stat
 CVE-2003-1437
all versions
BEA WebLogic Express and WebLogic Server 7.0 and 7.0.0.1, stores passwords in plaintext when a keystore is used to store a private
 CVE-2003-1290
all versions
BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, with RMI and anonymous admin lookup enabled, allows remote attackers t
 CVE-2003-1226
all versions
BEA WebLogic Server and Express 7.0 and 7.0.0.1 stores certain secrets concerning password encryption insecurely in config.xml, fi
 CVE-2003-1225
all versions
The default CredentialMapper for BEA WebLogic Server and Express 7.0 and 7.0.0.1 stores passwords in cleartext on disk, which allo
 CVE-2003-1224
all versions
Weblogic.admin for BEA WebLogic Server and Express 7.0 and 7.0.0.1 displays the JDBCConnectionPoolRuntimeMBean password to the scr
 CVE-2003-1223
all versions
The Node Manager for BEA WebLogic Express and Server 6.1 through 8.1 SP 1 allows remote attackers to cause a denial of service (No
 CVE-2003-1222
all versions
BEA Weblogic Express and Server 8.0 through 8.1 SP 1, when using a foreign Java Message Service (JMS) provider, echoes the passwor
 CVE-2003-1221
all versions
BEA WebLogic Express and Server 7.0 through 8.1 SP 1, under certain circumstances when a request to use T3 over SSL (t3s) is made
 CVE-2003-1220
all versions
BEA WebLogic Server proxy plugin for BEA Weblogic Express and Server 6.1 through 8.1 SP 1 allows remote attackers to cause a denia
 CVE-2003-1094
all versions
BEA WebLogic Server and Express version 7.0 SP3 may follow certain code execution paths that result in an incorrect current user,
 CVE-2003-1093
all versions
BEA WebLogic Server 6.1, 7.0 and 7.0.0.1, when routing messages to a JMS target domain that is inaccessible, may leak the user's p
 CVE-2003-0624
<= 8.1
Cross-site scripting (XSS) vulnerability in InteractiveQuery.jsp for BEA WebLogic 8.1 and earlier allows remote attackers to injec
 CVE-2003-0623
all versions
Cross-site scripting (XSS) vulnerability in the Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to i
 CVE-2003-0622
all versions
The Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to cause a denial of service (hang) via pathname
 CVE-2003-0621
all versions
The Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to determine the existence of files outside the
 CVE-2003-0733
all versions
Multiple cross-site scripting (XSS) vulnerabilities in WebLogic Integration 7.0 and 2.0, Liquid Data 1.1, and WebLogic Server and
 CVE-2003-0640
all versions
BEA WebLogic Server and Express, when using NodeManager to start servers, provides Operator users with privileges to overwrite use
 CVE-2003-0151
all versions
BEA WebLogic Server and Express 6.0 through 7.0 does not properly restrict access to certain internal servlets that perform admini
 CVE-2003-1095
all versions
BEA WebLogic Server and Express 7.0 and 7.0.0.1, when using "memory" session persistence for web applications, does not clear auth
 CVE-2002-2177
all versions
BEA WebLogic Server and Express 6.1 through 7.0.0.1 buffers HTTP requests in a way that can cause BEA to send the same response fo
 CVE-2002-2142
all versions
An undocumented extension for the Servlet mappings in the Servlet 2.3 specification, when upgrading to WebLogic Server and Express
 CVE-2002-2141
all versions
BEA WebLogic Server and Express 7.0 and 7.0.0.1, when running Servlets and Enterprise JavaBeans (EJB) on more than one server, wil
 CVE-2002-1030
all versions
Race condition in Performance Pack in BEA WebLogic Server and Express 5.1.x, 6.0.x, 6.1.x and 7.0 allows remote attackers to cause
 CVE-2002-0106
all versions
BEA Systems Weblogic Server 6.1 allows remote attackers to cause a denial of service via a series of requests to .JSP files that c
 CVE-2001-0098
<= 4.5.2
Buffer overflow in Bea WebLogic Server before 5.1.0 allows remote attackers to execute arbitrary commands via a long URL that begi
 CVE-2000-1238
all versions
BEA Systems WebLogic Express and WebLogic Server 5.1 SP1-SP6 allows remote attackers to bypass access controls for restricted JSP
 CVE-2000-0685
all versions
BEA WebLogic 5.1.x does not properly restrict access to the PageCompileServlet, which could allow remote attackers to compile and
 CVE-2000-0684
all versions
BEA WebLogic 5.1.x does not properly restrict access to the JSPServlet, which could allow remote attackers to compile and execute
 CVE-2000-0683
all versions
BEA WebLogic 5.1.x allows remote attackers to read source code for parsed pages by inserting /*.shtml/ into the URL, which invokes
 CVE-2000-0682
all versions
BEA WebLogic 5.1.x allows remote attackers to read source code for parsed pages by inserting /ConsoleHelp/ into the URL, which inv
 CVE-2000-0681
<= 4.5.2
Buffer overflow in BEA WebLogic server proxy plugin allows remote attackers to execute arbitrary commands via a long URL with a .J
 CVE-2000-0500
all versions
The default configuration of BEA WebLogic 5.1.0 allows a remote attacker to view source code of programs by requesting a URL begin
 CVE-2000-0499
>= 3.1.8 and <= 4.5.1
The default configuration of BEA WebLogic 3.1.8 through 4.5.1 allows a remote attacker to view source code of a JSP program by req
7.5HIGH
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin