彙總 bea_systems 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。
已披露問題常與 跨站腳本、路徑處理缺陷與緩衝區溢位 相關,可能在 軟體部署與生產負載 場景中帶來 檔案覆寫與應用程式崩潰 等暴露風險。
相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2010-2375 | Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS. | [email protected] | 6.4 | 6.51% | 2010-07-13 | 2026-06-16 |
| CVE-2008-3257 | Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request. | [email protected] | 10.0 | 83.59% | 2008-07-22 | 2026-06-16 |
| CVE-2008-0904 | Unspecified vulnerability in the download servlet in BEA Plumtree Collaboration 4.1 through SP2 and AquaLogic Interaction 4.2 through MP1 allows remote attackers to read arbitrary files via a crafted URL. | [email protected] | 7.8 | 1.47% | 2008-02-22 | 2026-06-16 |
| CVE-2008-0903 | Unspecified vulnerability in the BEA WebLogic Server and Express proxy plugin, as distributed before November 2007 and before 9.2 MP3 and 10.0 MP2, allows remote attackers to cause a denial of service (web server crash) via a crafted URL. | [email protected] | 4.3 | 1.19% | 2008-02-22 | 2026-06-16 |
| CVE-2008-0902 | Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and Express 6.1 through 10.0 MP1 allow remote attackers to inject arbitrary web script or HTML via unspecified samples. NOTE: this might be the same issue as CVE-2007-2694. | [email protected] | 4.3 | 1.02% | 2008-02-22 | 2026-06-16 |
| CVE-2008-0901 | BEA WebLogic Server and Express 7.0 through 10.0 allows remote attackers to conduct brute force password guessing attacks, even when account lockout has been activated, via crafted URLs that indicate whether a guessed password is successful or not. | [email protected] | 7.1 | 2.24% | 2008-02-22 | 2026-06-16 |
| CVE-2008-0900 | Session fixation vulnerability in BEA WebLogic Server and Express 8.1 SP4 through SP6, 9.2 through MP1, and 10.0 allows remote authenticated users to hijack web sessions via unknown vectors. | [email protected] | 6.0 | 9.99% | 2008-02-22 | 2026-06-16 |
| CVE-2008-0896 | BEA WebLogic Portal 10.0 and 9.2 through MP1, when an administrator deletes a single instance of a content portlet, removes entitlement policies for other content portlets, which allows attackers to bypass intended access restrictions. | [email protected] | 4.9 | 0.80% | 2008-02-22 | 2026-06-16 |
| CVE-2008-0870 | BEA WebLogic Portal 10.0 and 9.2 through Maintenance Pack 2, under certain circumstances, can redirect a user from the https:// URI for the Portal Administration Console to an http URI, which allows remote attackers to sniff the session. | [email protected] | 7.5 | 1.43% | 2008-02-20 | 2026-06-16 |
| CVE-2008-0869 | Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via a "framework defined request parameter" when using WebLogic Workshop or Apache Beehive NetUI framework with page flows. | [email protected] | 4.3 | 1.06% | 2008-02-20 | 2026-06-16 |
| CVE-2008-0868 | Cross-site scripting (XSS) vulnerability in Groupspace in BEA WebLogic Portal 10.0 and 9.2 through Maintenance Pack 1 allows remote authenticated users to inject arbitrary web script or HTML via unknown vectors. | [email protected] | 4.3 | 1.07% | 2008-02-20 | 2026-06-16 |
| CVE-2008-0867 | Cross-site scripting (XSS) vulnerability in portal/server.pt in BEA AquaLogic Interaction 6.1 through MP1 and Plumtree Foundation 6.0 through SP1 allows remote attackers to inject arbitrary web script or HTML via the name parameter. | [email protected] | 4.3 | 1.22% | 2008-02-20 | 2026-06-16 |
| CVE-2008-0865 | Unspecified vulnerability in BEA WebLogic Portal 8.1 through SP6 allows remote attackers to bypass entitlements for instances of a floatable WLP portlet via unknown vectors. | [email protected] | 5.0 | 1.81% | 2008-02-20 | 2026-06-16 |
| CVE-2008-0864 | Admin Tools in BEA WebLogic Portal 8.1 SP3 through SP6 can inadvertently remove entitlements for pages when an administrator edits the page definition label, which might allow remote attackers to bypass intended access restrictions. | [email protected] | 5.0 | 1.81% | 2008-02-20 | 2026-06-16 |