Bea Vulnerabilities

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Application Server Software	228
Not Defined	12

Product

BEA WebLogic Server	118
BEA WebLogic	70
BEA WebLogic Portal	28
BEA Tuxedo	6
BEA Weblogic Integration	2

Remediation

Official Fix	126
Temporary Fix	0
Workaround	2
Unavailable	0
Not Defined	112

Exploitability

High	2
Functional	0
Proof-of-Concept	148
Unproven	4
Not Defined	86

Access Vector

Not Defined	0
Physical	0
Local	36
Adjacent	8
Network	196

Authentication

Not Defined	0
High	0
Low	40
None	200

User Interaction

Not Defined	0
Required	22
None	218

C3BM Index

CVSSv3 Base

≤1	0
≤2	0
≤3	0
≤4	24
≤5	22
≤6	86
≤7	28
≤8	62
≤9	10
≤10	8

CVSSv3 Temp

≤1	0
≤2	0
≤3	0
≤4	28
≤5	62
≤6	62
≤7	54
≤8	26
≤9	2
≤10	6

VulDB

≤1	0
≤2	0
≤3	0
≤4	24
≤5	22
≤6	86
≤7	28
≤8	62
≤9	10
≤10	8

NVD

≤1	0
≤2	0
≤3	0
≤4	0
≤5	0
≤6	0
≤7	0
≤8	0
≤9	0
≤10	0

CNA

≤1	0
≤2	0
≤3	0
≤4	0
≤5	0
≤6	0
≤7	0
≤8	0
≤9	0
≤10	0

Vendor

≤1	0
≤2	0
≤3	0
≤4	0
≤5	0
≤6	0
≤7	0
≤8	0
≤9	0
≤10	0

Research

≤1	0
≤2	0
≤3	0
≤4	0
≤5	0
≤6	0
≤7	0
≤8	0
≤9	0
≤10	0

Exploit 0-day

<1k	0
<2k	0
<5k	16
<10k	72
<25k	118
<50k	34
<100k	0
≥100k	0

Exploit Today

<1k	200
<2k	16
<5k	16
<10k	8
<25k	0
<50k	0
<100k	0
≥100k	0

Exploit Market Volume

🔴 CTI Activities

Affected Products (16): AquaLogic Interaction (2), AquaLogic Service Bus (1), Aqualogic Service Bus (2), BEA WebLogic Portal (1), JRockit (1), Plumtree Collaboration (1), Plumtree Foundation (1), Tuxedo (6), WebLogic (71), WebLogic Mobility Server (1), WebLogic Portal (23), WebLogic Server (124), WebLogic Workshop (3), Weblogic (1), Weblogic Integration (1), Weblogic Workshop (1)

Link to Vendor Website: https://www.oracle.com/corporate/acquisitions/bea/

Published	Base	Temp	Vulnerability	Prod	Exp	Rem	EPSS	CTI	CVE
07/22/2008	10.0	10.0	BEA WebLogic Server mod_wl .jsp memory corruption	Application Server Software	High	Not Defined	0.93269	0.00	CVE-2008-3257
02/22/2008	5.3	4.8	BEA WebLogic Server denial of service	Application Server Software	Proof-of-Concept	Official Fix	0.00600	0.00	CVE-2008-0903
02/22/2008	4.3	4.1	BEA WebLogic Server cross site scripting	Application Server Software	Proof-of-Concept	Not Defined	0.00243	0.00	CVE-2008-0902
02/22/2008	7.5	7.1	BEA WebLogic Server credentials management	Application Server Software	Proof-of-Concept	Not Defined	0.00609	0.00	CVE-2008-0901
02/22/2008	6.3	6.0	BEA WebLogic Server access control	Application Server Software	Proof-of-Concept	Not Defined	0.00231	0.00	CVE-2008-0900
02/22/2008	4.3	4.1	BEA WebLogic Server Administration Console cross site scripting	Application Server Software	Proof-of-Concept	Not Defined	0.00279	0.00	CVE-2008-0899
02/22/2008	6.5	6.2	BEA WebLogic Server Access Restriction access control	Application Server Software	Proof-of-Concept	Not Defined	0.00256	0.00	CVE-2008-0898
02/22/2008	8.1	7.7	BEA WebLogic Server Access Restriction access control	Application Server Software	Proof-of-Concept	Not Defined	0.00231	0.02	CVE-2008-0897
02/22/2008	5.4	4.9	BEA WebLogic Portal Access Restriction access control	Application Server Software	Proof-of-Concept	Official Fix	0.00076	0.00	CVE-2008-0896
02/22/2008	6.5	6.2	BEA WebLogic Server improper authentication	Application Server Software	Proof-of-Concept	Not Defined	0.00304	0.00	CVE-2008-0895
02/20/2008	7.3	6.9	BEA WebLogic Portal Administration Console link following	Application Server Software	Proof-of-Concept	Not Defined	0.00860	0.00	CVE-2008-0870
02/20/2008	4.3	3.9	BEA WebLogic Workshop UI Framework cross site scripting	Application Server Software	Proof-of-Concept	Official Fix	0.00456	0.00	CVE-2008-0869
02/20/2008	4.3	3.9	BEA WebLogic Portal cross site scripting	Application Server Software	Proof-of-Concept	Official Fix	0.00238	0.00	CVE-2008-0868
02/20/2008	4.3	3.9	BEA Plumtree Foundation cross site scripting	Unknown	Proof-of-Concept	Official Fix	0.00452	0.00	CVE-2008-0867
02/20/2008	4.3	4.1	BEA WebLogic Workshop cross site scripting	Application Server Software	Proof-of-Concept	Not Defined	0.00279	0.00	CVE-2008-0866
02/20/2008	5.3	5.0	BEA WebLogic Portal access control	Application Server Software	Proof-of-Concept	Not Defined	0.00293	0.00	CVE-2008-0865
02/20/2008	5.3	5.0	BEA WebLogic Portal Access Restriction access control	Application Server Software	Proof-of-Concept	Not Defined	0.00293	0.00	CVE-2008-0864
02/20/2008	5.3	5.0	BEA WebLogic Server information disclosure	Application Server Software	Proof-of-Concept	Not Defined	0.00294	0.00	CVE-2008-0863
02/19/2008	7.5	6.7	BEA Plumtree Collaboration information disclosure	Groupware Software	Proof-of-Concept	Official Fix	0.00463	0.00	CVE-2008-0904
12/12/2007	7.3	6.9	BEA WebLogic Mobility Server improper authentication	Application Server Software	Proof-of-Concept	Not Defined	0.02056	0.00	CVE-2007-6384
12/01/2007	5.3	5.0	BEA AquaLogic Interaction information disclosure	Unknown	Proof-of-Concept	Not Defined	0.02358	0.00	CVE-2007-6198
12/01/2007	5.3	5.0	BEA AquaLogic Interaction information disclosure	Unknown	Proof-of-Concept	Not Defined	0.01255	0.00	CVE-2007-6197
08/30/2007	6.5	6.2	BEA WebLogic Server information disclosure	Application Server Software	High	Official Fix	0.00873	0.00	CVE-2007-4616
08/30/2007	6.5	6.2	BEA WebLogic Server unknown vulnerability	Application Server Software	Proof-of-Concept	Not Defined	0.01215	0.00	CVE-2007-4615
08/28/2007	7.5	6.5	BEA WebLogic Server denial of service	Application Server Software	Proof-of-Concept	Official Fix	0.01094	0.00	CVE-2007-4618

215 more entries are not shown

🔒 Login Required

You need to signup and login to see more of the remaining 215 results.

◂ PreviousOverviewNext ▸

Do you need the next level of professionalism?

Upgrade your account now!