Bea Weblogic Vulnerabilities

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Version

8.1	106
8.0	48
7.0	38
6.1	32
7.0.0.1	24

Remediation

Official Fix	138
Temporary Fix	0
Workaround	2
Unavailable	0
Not Defined	86

Exploitability

High	4
Functional	0
Proof-of-Concept	146
Unproven	2
Not Defined	74

Access Vector

Not Defined	0
Physical	0
Local	34
Adjacent	18
Network	174

Authentication

Not Defined	0
High	0
Low	30
None	196

User Interaction

Not Defined	0
Required	12
None	214

C3BM Index

CVSSv3 Base

≤1	0
≤2	0
≤3	2
≤4	16
≤5	22
≤6	78
≤7	38
≤8	40
≤9	24
≤10	6

CVSSv3 Temp

≤1	0
≤2	0
≤3	2
≤4	18
≤5	60
≤6	66
≤7	44
≤8	26
≤9	6
≤10	4

VulDB

≤1	0
≤2	0
≤3	2
≤4	16
≤5	22
≤6	78
≤7	38
≤8	40
≤9	24
≤10	6

NVD

≤1	0
≤2	0
≤3	0
≤4	0
≤5	0
≤6	0
≤7	0
≤8	0
≤9	0
≤10	0

CNA

≤1	0
≤2	0
≤3	0
≤4	0
≤5	0
≤6	0
≤7	0
≤8	0
≤9	0
≤10	0

Vendor

≤1	0
≤2	0
≤3	0
≤4	0
≤5	0
≤6	0
≤7	0
≤8	0
≤9	0
≤10	0

Research

≤1	0
≤2	0
≤3	0
≤4	0
≤5	0
≤6	0
≤7	0
≤8	0
≤9	0
≤10	0

Exploit 0-day

<1k	0
<2k	0
<5k	14
<10k	72
<25k	104
<50k	36
<100k	0
≥100k	0

Exploit Today

<1k	204
<2k	8
<5k	8
<10k	6
<25k	0
<50k	0
<100k	0
≥100k	0

Exploit Market Volume

🔴 CTI Activities

Affected Versions (48): 3.0, 3.1, 3.1.8, 3.2, 3.2.1, 3.3, 3.4, 3.5, 3.6, 4, 4.0.4, 4.5, 4.5.1, 4.5.2, 5.0, 5.1, 6.0, 6.1, 6.1 SP2, 6.1 SP 2, 6.1 SP6, 6.1 SP7, 7, 7.0, 7.0 SP 1, 7.0 SP3, 7.0 SP5, 7.0.0.1, 7.0.0.1 SP 1, 7.0.0.1 SP2, 8.0, 8.0 SP2, 8.1, 8.1 SP1, 8.1 SP2, 8.1 SP3, 8.1 SP4, 8.1 SP5, 8.1.1, 8.1.2, 8.1.3, 8.1.4, 8.1.5, 8.3, 9.0, 9.1, 9.2, 10.0

Link to Product Website: https://www.oracle.com/corporate/acquisitions/bea/

Software Type: Application Server Software

Published	Base	Temp	Vulnerability	0day	Today	Exp	Rem	CTI	CVE
07/22/2008	10.0	10.0	BEA WebLogic Server mod_wl .jsp memory corruption	$25k-$100k	$0-$5k	High	Not Defined	0.00	CVE-2008-3257
02/22/2008	5.3	4.8	BEA WebLogic Server denial of service	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00	CVE-2008-0903
02/22/2008	4.3	4.1	BEA WebLogic Server cross site scripting	$5k-$25k	$0-$5k	Proof-of-Concept	Not Defined	0.00	CVE-2008-0902
02/22/2008	7.5	7.1	BEA WebLogic Server credentials management	$5k-$25k	$5k-$25k	Proof-of-Concept	Not Defined	0.00	CVE-2008-0901
02/22/2008	6.3	6.0	BEA WebLogic Server access control	$5k-$25k	$0-$5k	Proof-of-Concept	Not Defined	0.00	CVE-2008-0900
02/22/2008	4.3	4.1	BEA WebLogic Server Administration Console cross site scripting	$5k-$25k	$0-$5k	Proof-of-Concept	Not Defined	0.00	CVE-2008-0899
02/22/2008	6.5	6.2	BEA WebLogic Server Access Restriction access control	$5k-$25k	$5k-$25k	Proof-of-Concept	Not Defined	0.00	CVE-2008-0898
02/22/2008	8.1	7.7	BEA WebLogic Server Access Restriction access control	$5k-$25k	$0-$5k	Proof-of-Concept	Not Defined	0.02	CVE-2008-0897
02/22/2008	5.4	4.9	BEA WebLogic Portal Access Restriction access control	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00	CVE-2008-0896
02/22/2008	6.5	6.2	BEA WebLogic Server improper authentication	$5k-$25k	$0-$5k	Proof-of-Concept	Not Defined	0.00	CVE-2008-0895
02/20/2008	7.3	6.9	BEA WebLogic Portal Administration Console link following	$5k-$25k	$5k-$25k	Proof-of-Concept	Not Defined	0.00	CVE-2008-0870
02/20/2008	4.3	3.9	BEA WebLogic Workshop UI Framework cross site scripting	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00	CVE-2008-0869
02/20/2008	4.3	3.9	BEA WebLogic Portal cross site scripting	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00	CVE-2008-0868
02/20/2008	4.3	4.1	BEA WebLogic Workshop cross site scripting	$5k-$25k	$0-$5k	Proof-of-Concept	Not Defined	0.00	CVE-2008-0866
02/20/2008	5.3	5.0	BEA WebLogic Portal access control	$5k-$25k	$0-$5k	Proof-of-Concept	Not Defined	0.00	CVE-2008-0865
02/20/2008	5.3	5.0	BEA WebLogic Portal Access Restriction access control	$5k-$25k	$0-$5k	Proof-of-Concept	Not Defined	0.00	CVE-2008-0864
02/20/2008	5.3	5.0	BEA WebLogic Server information disclosure	$5k-$25k	$0-$5k	Proof-of-Concept	Not Defined	0.00	CVE-2008-0863
12/12/2007	7.3	6.9	BEA WebLogic Mobility Server improper authentication	$5k-$25k	$0-$5k	Proof-of-Concept	Not Defined	0.00	CVE-2007-6384
08/30/2007	6.5	6.2	BEA WebLogic Server information disclosure	$5k-$25k	$0-$5k	High	Official Fix	0.00	CVE-2007-4616
08/30/2007	6.5	6.2	BEA WebLogic Server unknown vulnerability	$5k-$25k	$5k-$25k	Proof-of-Concept	Not Defined	0.00	CVE-2007-4615
08/28/2007	7.5	6.5	BEA WebLogic Server denial of service	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00	CVE-2007-4618
08/28/2007	7.5	7.1	BEA WebLogic Server denial of service	$5k-$25k	$0-$5k	Proof-of-Concept	Not Defined	0.00	CVE-2007-4617
05/23/2007	7.5	7.1	BEA WebLogic Server Administration Console Privilege Escalation	$25k-$100k	$0-$5k	Proof-of-Concept	Not Defined	0.00	CVE-2007-2699
05/14/2007	7.8	6.8	BEA Weblogic Workshop information disclosure	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00	CVE-2007-5576
05/14/2007	7.5	7.1	BEA WebLogic Workshop Console path traversal	$5k-$25k	$0-$5k	Proof-of-Concept	Not Defined	0.00	CVE-2007-2705