GCVE - cpe:2.3:a:bea:weblogic_workshop:8.1:sp6:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:bea:weblogic_workshop:8.1:sp6:*:*:*:*:*:*

part: a version: 8.1 update: sp6

Vendor	Bea (`c4fe31a7-8f48-5c00-b7c2-e6a20391219c`)
Product	Weblogic Workshop (`e9ee881e-9a64-51e9-90f8-5fef24a153af`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2008-0869`	vulnerable	2026-06-03 14:28:38.244575	Details available Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via a "framework defined request parameter" when using WebLogic Workshop or Apache Beehive NetUI framework with page flows. Published: 2008-02-21T01:00:00.000Z Updated: 2024-08-07T08:01:39.719Z Open on db.gcve.eu Reference links http://www.securitytracker.com/id?1019438 http://dev2dev.bea.com/pub/advisory/263 http://secunia.com/advisories/29041 http://www.vupen.com/english/advisories/2008/0612/references http://www.vupen.com/english/advisories/2008/0611	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2007-5576`	vulnerable	2026-06-03 14:28:27.252229	Details available BEA Tuxedo 8.0 before RP392 and 8.1 before RP293, and WebLogic Enterprise 5.1 before RP174, echo the password in cleartext, which allows physically proximate attackers to obtain sensitive information via the (1) cnsbind, (2) cnsunbind, or (3) cnsls commands. Published: 2007-10-18T21:00:00.000Z Updated: 2024-08-07T15:39:13.505Z Open on db.gcve.eu Reference links http://osvdb.org/45478 https://exchange.xforce.ibmcloud.com/vulnerabilities/34290 http://dev2dev.bea.com/pub/advisory/226 http://www.vupen.com/english/advisories/2007/1813	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2007-2705`	vulnerable	2026-06-03 14:28:09.206271	Details available Directory traversal vulnerability in the Test View Console in BEA WebLogic Integration 9.2 before SP1 and WebLogic Workshop 8.1 SP2 through SP6, when "deployed in an exploded format," allows remote attackers to list a WebLogic Workshop Directory (wlwdir) parent directory via unspecified vectors. Published: 2007-05-16T01:00:00.000Z Updated: 2024-08-07T13:49:57.112Z Open on db.gcve.eu Reference links http://www.securitytracker.com/id?1018059 http://osvdb.org/36063 http://www.vupen.com/english/advisories/2007/1815 http://dev2dev.bea.com/pub/advisory/239 https://exchange.xforce.ibmcloud.com/vulnerabilities/34281	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.