Bea Luki w zabezpieczeniach

Oś czasu

Rodzaj

Application Server Software	232
Not Defined	8

Produkt

BEA WebLogic Server	126
BEA WebLogic	82
BEA WebLogic Portal	16
BEA AquaLogic Interaction	2
BEA Aqualogic Service Bus	2

Przeciwdziałanie

Official Fix	128
Temporary Fix	0
Workaround	4
Unavailable	0
Not Defined	108

Wykorzystywanie

High	0
Functional	0
Proof-of-Concept	164
Unproven	4
Not Defined	72

Wektor dostępu

Not Defined	0
Physical	0
Local	34
Adjacent	12
Network	194

Uwierzytelnianie

Not Defined	0
High	0
Low	40
None	200

Interakcja z użytkownikiem

Not Defined	0
Required	22
None	218

C3BM Index

CVSSv3 Base

≤1	0
≤2	0
≤3	0
≤4	24
≤5	20
≤6	72
≤7	34
≤8	58
≤9	22
≤10	10

CVSSv3 Temp

≤1	0
≤2	0
≤3	2
≤4	26
≤5	58
≤6	58
≤7	48
≤8	34
≤9	8
≤10	6

VulDB

≤1	0
≤2	0
≤3	0
≤4	24
≤5	20
≤6	72
≤7	34
≤8	58
≤9	22
≤10	10

NVD

≤1	0
≤2	0
≤3	0
≤4	0
≤5	0
≤6	0
≤7	0
≤8	0
≤9	0
≤10	0

CNA

≤1	0
≤2	0
≤3	0
≤4	0
≤5	0
≤6	0
≤7	0
≤8	0
≤9	0
≤10	0

Sprzedawca

≤1	0
≤2	0
≤3	0
≤4	0
≤5	0
≤6	0
≤7	0
≤8	0
≤9	0
≤10	0

Research

≤1	0
≤2	0
≤3	0
≤4	0
≤5	0
≤6	0
≤7	0
≤8	0
≤9	0
≤10	0

Exploit 0-day

<1k	0
<2k	0
<5k	18
<10k	76
<25k	106
<50k	38
<100k	2
≥100k	0

Wykorzystaj dzisiaj

<1k	198
<2k	22
<5k	12
<10k	8
<25k	0
<50k	0
<100k	0
≥100k	0

Wykorzystaj wielkość rynku

🔴 CTI Zajęcia

Affected Products (16): AquaLogic Interaction (2), AquaLogic Service Bus (1), Aqualogic Service Bus (2), BEA WebLogic Portal (1), JRockit (1), Plumtree Collaboration (1), Plumtree Foundation (1), Tuxedo (6), WebLogic (71), WebLogic Mobility Server (1), WebLogic Portal (23), WebLogic Server (124), WebLogic Workshop (3), Weblogic (1), Weblogic Integration (1), Weblogic Workshop (1)

Link to Vendor Website: https://www.oracle.com/corporate/acquisitions/bea/

Opublikowano	Base	Temp	Słaby punkt	Prod	Wyk	Prz	EPSS	CTI	CVE
2008-07-22	10.0	10.0	BEA WebLogic Server mod_wl .jsp memory corruption	Application Server Software	High	Not Defined	0.93269	0.00	CVE-2008-3257
2008-02-22	5.3	4.8	BEA WebLogic Server denial of service	Application Server Software	Proof-of-Concept	Official Fix	0.00600	0.00	CVE-2008-0903
2008-02-22	4.3	4.1	BEA WebLogic Server cross site scripting	Application Server Software	Proof-of-Concept	Not Defined	0.00243	0.00	CVE-2008-0902
2008-02-22	7.5	7.1	BEA WebLogic Server privilege escalation	Application Server Software	Proof-of-Concept	Not Defined	0.00421	0.00	CVE-2008-0901
2008-02-22	6.3	6.0	BEA WebLogic Server privilege escalation	Application Server Software	Proof-of-Concept	Not Defined	0.00231	0.00	CVE-2008-0900
2008-02-22	4.3	4.1	BEA WebLogic Server Administration Console cross site scripting	Application Server Software	Proof-of-Concept	Not Defined	0.00279	0.00	CVE-2008-0899
2008-02-22	6.5	6.2	BEA WebLogic Server Access Restriction privilege escalation	Application Server Software	Proof-of-Concept	Not Defined	0.00256	0.00	CVE-2008-0898
2008-02-22	8.1	7.7	BEA WebLogic Server Access Restriction privilege escalation	Application Server Software	Proof-of-Concept	Not Defined	0.00231	0.02	CVE-2008-0897
2008-02-22	5.4	4.9	BEA WebLogic Portal Access Restriction privilege escalation	Application Server Software	Proof-of-Concept	Official Fix	0.00076	0.00	CVE-2008-0896
2008-02-22	6.5	6.2	BEA WebLogic Server weak authentication	Application Server Software	Proof-of-Concept	Not Defined	0.00304	0.00	CVE-2008-0895
2008-02-20	7.3	6.9	BEA WebLogic Portal Administration Console privilege escalation	Application Server Software	Proof-of-Concept	Not Defined	0.00860	0.00	CVE-2008-0870
2008-02-20	4.3	3.9	BEA WebLogic Workshop UI Framework cross site scripting	Application Server Software	Proof-of-Concept	Official Fix	0.00321	0.00	CVE-2008-0869
2008-02-20	4.3	3.9	BEA WebLogic Portal cross site scripting	Application Server Software	Proof-of-Concept	Official Fix	0.00238	0.00	CVE-2008-0868
2008-02-20	4.3	3.9	BEA Plumtree Foundation cross site scripting	Nieznany	Proof-of-Concept	Official Fix	0.00319	0.00	CVE-2008-0867
2008-02-20	4.3	4.1	BEA WebLogic Workshop cross site scripting	Application Server Software	Proof-of-Concept	Not Defined	0.00279	0.00	CVE-2008-0866
2008-02-20	5.3	5.0	BEA WebLogic Portal privilege escalation	Application Server Software	Proof-of-Concept	Not Defined	0.00293	0.00	CVE-2008-0865
2008-02-20	5.3	5.0	BEA WebLogic Portal Access Restriction privilege escalation	Application Server Software	Proof-of-Concept	Not Defined	0.00293	0.00	CVE-2008-0864
2008-02-20	5.3	5.0	BEA WebLogic Server information disclosure	Application Server Software	Proof-of-Concept	Not Defined	0.00294	0.00	CVE-2008-0863
2008-02-19	7.5	6.7	BEA Plumtree Collaboration information disclosure	Groupware Software	Proof-of-Concept	Official Fix	0.00454	0.00	CVE-2008-0904
2007-12-12	7.3	6.9	BEA WebLogic Mobility Server weak authentication	Application Server Software	Proof-of-Concept	Not Defined	0.02056	0.00	CVE-2007-6384
2007-12-01	5.3	5.0	BEA AquaLogic Interaction information disclosure	Nieznany	Proof-of-Concept	Not Defined	0.02358	0.00	CVE-2007-6198
2007-12-01	5.3	5.0	BEA AquaLogic Interaction information disclosure	Nieznany	Proof-of-Concept	Not Defined	0.00888	0.00	CVE-2007-6197
2007-08-30	6.5	6.2	BEA WebLogic Server information disclosure	Application Server Software	High	Official Fix	0.00873	0.00	CVE-2007-4616
2007-08-30	6.5	6.2	BEA WebLogic Server nieznana luka	Application Server Software	Proof-of-Concept	Not Defined	0.01215	0.00	CVE-2007-4615
2007-08-28	7.5	6.5	BEA WebLogic Server denial of service	Application Server Software	Proof-of-Concept	Official Fix	0.01094	0.00	CVE-2007-4618

Bea Luki w zabezpieczeniach

Oś czasu

Rodzaj

Produkt

Przeciwdziałanie

Wykorzystywanie

Wektor dostępu

Uwierzytelnianie

Interakcja z użytkownikiem

C3BM Index

CVSSv3 Base

CVSSv3 Temp

VulDB

NVD

CNA

Sprzedawca

Research

Exploit 0-day

Wykorzystaj dzisiaj

Wykorzystaj wielkość rynku

🔴 CTI Zajęcia

🔒 Login Required

Do you know our Splunk app?