汇总 bea_systems 相关全部产品的 CVE 与安全漏洞情报,包括 CVSS、EPSS、公开时间与漏洞情报数据。
已披露问题常与 跨站脚本、路径处理缺陷与缓冲区溢出 相关,可能在 软件部署与生产负载 场景中带来 文件覆盖与应用崩溃 等暴露风险。
相关漏洞数据主要来源于公开漏洞披露与安全公告,可用于评估历史漏洞暴露面与修复优先级。
| CVE | 摘要 | 来源 | 最高 CVSS | EPSS % | 公开时间 | 更新时间 |
|---|---|---|---|---|---|---|
| CVE-2010-2375 | Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS. | [email protected] | 6.4 | 6.51% | 2010-07-13 | 2026-06-16 |
| CVE-2008-3257 | Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request. | [email protected] | 10.0 | 83.59% | 2008-07-22 | 2026-06-16 |
| CVE-2008-0904 | Unspecified vulnerability in the download servlet in BEA Plumtree Collaboration 4.1 through SP2 and AquaLogic Interaction 4.2 through MP1 allows remote attackers to read arbitrary files via a crafted URL. | [email protected] | 7.8 | 1.47% | 2008-02-22 | 2026-06-16 |
| CVE-2008-0903 | Unspecified vulnerability in the BEA WebLogic Server and Express proxy plugin, as distributed before November 2007 and before 9.2 MP3 and 10.0 MP2, allows remote attackers to cause a denial of service (web server crash) via a crafted URL. | [email protected] | 4.3 | 1.19% | 2008-02-22 | 2026-06-16 |
| CVE-2008-0902 | Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and Express 6.1 through 10.0 MP1 allow remote attackers to inject arbitrary web script or HTML via unspecified samples. NOTE: this might be the same issue as CVE-2007-2694. | [email protected] | 4.3 | 1.02% | 2008-02-22 | 2026-06-16 |
| CVE-2008-0901 | BEA WebLogic Server and Express 7.0 through 10.0 allows remote attackers to conduct brute force password guessing attacks, even when account lockout has been activated, via crafted URLs that indicate whether a guessed password is successful or not. | [email protected] | 7.1 | 2.24% | 2008-02-22 | 2026-06-16 |
| CVE-2008-0900 | Session fixation vulnerability in BEA WebLogic Server and Express 8.1 SP4 through SP6, 9.2 through MP1, and 10.0 allows remote authenticated users to hijack web sessions via unknown vectors. | [email protected] | 6.0 | 9.99% | 2008-02-22 | 2026-06-16 |
| CVE-2008-0896 | BEA WebLogic Portal 10.0 and 9.2 through MP1, when an administrator deletes a single instance of a content portlet, removes entitlement policies for other content portlets, which allows attackers to bypass intended access restrictions. | [email protected] | 4.9 | 0.80% | 2008-02-22 | 2026-06-16 |
| CVE-2008-0870 | BEA WebLogic Portal 10.0 and 9.2 through Maintenance Pack 2, under certain circumstances, can redirect a user from the https:// URI for the Portal Administration Console to an http URI, which allows remote attackers to sniff the session. | [email protected] | 7.5 | 1.43% | 2008-02-20 | 2026-06-16 |
| CVE-2008-0869 | Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via a "framework defined request parameter" when using WebLogic Workshop or Apache Beehive NetUI framework with page flows. | [email protected] | 4.3 | 1.06% | 2008-02-20 | 2026-06-16 |
| CVE-2008-0868 | Cross-site scripting (XSS) vulnerability in Groupspace in BEA WebLogic Portal 10.0 and 9.2 through Maintenance Pack 1 allows remote authenticated users to inject arbitrary web script or HTML via unknown vectors. | [email protected] | 4.3 | 1.07% | 2008-02-20 | 2026-06-16 |
| CVE-2008-0867 | Cross-site scripting (XSS) vulnerability in portal/server.pt in BEA AquaLogic Interaction 6.1 through MP1 and Plumtree Foundation 6.0 through SP1 allows remote attackers to inject arbitrary web script or HTML via the name parameter. | [email protected] | 4.3 | 1.22% | 2008-02-20 | 2026-06-16 |
| CVE-2008-0865 | Unspecified vulnerability in BEA WebLogic Portal 8.1 through SP6 allows remote attackers to bypass entitlements for instances of a floatable WLP portlet via unknown vectors. | [email protected] | 5.0 | 1.81% | 2008-02-20 | 2026-06-16 |
| CVE-2008-0864 | Admin Tools in BEA WebLogic Portal 8.1 SP3 through SP6 can inadvertently remove entitlements for pages when an administrator edits the page definition label, which might allow remote attackers to bypass intended access restrictions. | [email protected] | 5.0 | 1.81% | 2008-02-20 | 2026-06-16 |