GCVE - cpe:2.3:a:bea:weblogic_server:*:sp4:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:bea:weblogic_server:*:sp4:*:*:*:*:*:*

part: a version: * update: sp4

Vendor	Bea (`c4fe31a7-8f48-5c00-b7c2-e6a20391219c`)
Product	Weblogic Server (`ebf23157-7e5f-5cf4-ba69-dda04749aa52`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2007-0409`	vulnerable	2026-06-03 14:27:56.658514	Details available BEA WebLogic 7.0 through 7.0 SP6, 8.1 through 8.1 SP4, and 9.0 initial release does not encrypt passwords stored in the JDBCDataSourceFactory MBean Properties, which allows local administrative users to read the cleartext password. Published: 2007-01-23T00:00:00.000Z Updated: 2024-08-07T12:19:30.021Z Open on db.gcve.eu Reference links http://dev2dev.bea.com/pub/advisory/203 http://securitytracker.com/id?1017525 http://secunia.com/advisories/23750 http://www.securityfocus.com/bid/22082 http://osvdb.org/38501	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2007-0408`	vulnerable	2026-06-03 14:27:56.656243	Details available BEA Weblogic Server 8.1 through 8.1 SP4 does not properly validate client certificates when reusing cached connections, which allows remote attackers to obtain access via an untrusted X.509 certificate. Published: 2007-01-23T00:00:00.000Z Updated: 2024-08-07T12:19:29.977Z Open on db.gcve.eu Reference links http://secunia.com/advisories/23750 http://www.securityfocus.com/bid/22082 http://dev2dev.bea.com/pub/advisory/202 http://www.vupen.com/english/advisories/2007/0213 http://osvdb.org/38500	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.