Vulnerabilities > BEA Systems > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-02-22 | CVE-2008-0904 | Information Exposure vulnerability in BEA Systems Aqualogic Interaction and Plumtree Collaboration Unspecified vulnerability in the download servlet in BEA Plumtree Collaboration 4.1 through SP2 and AquaLogic Interaction 4.2 through MP1 allows remote attackers to read arbitrary files via a crafted URL. | 7.8 |
| 2008-02-22 | CVE-2008-0901 | Information Exposure vulnerability in multiple products BEA WebLogic Server and Express 7.0 through 10.0 allows remote attackers to conduct brute force password guessing attacks, even when account lockout has been activated, via crafted URLs that indicate whether a guessed password is successful or not. | 7.1 |
| 2008-02-21 | CVE-2008-0870 | Link Following vulnerability in multiple products BEA WebLogic Portal 10.0 and 9.2 through Maintenance Pack 2, under certain circumstances, can redirect a user from the https:// URI for the Portal Administration Console to an http URI, which allows remote attackers to sniff the session. | 7.5 |