CVE-2004-1366

CWE-2553 documents3 sources

Severity

4.6MEDIUM

EPSS

0.3%

top 47.18%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle Application Server Oracle Collaboration Suite Oracle E-business Suite +6 more

Timeline

PublishedAug 4

Latest updateApr 29

Description

Oracle 10g Database Server stores the password for the SYSMAN account in cleartext in the world-readable emoms.properties file, which could allow local users to gain DBA privileges.

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages9 packages

▶NVDoracle/application_server11 versions+10

▶NVDoracle/enterprise_manager_database_control10.1.2

▶NVDoracle/oracle8i19 versions+18

▶NVDoracle/oracle9i36 versions+35

▶NVDoracle/oracle10g6 versions+5

Patches

Patch: www.ngssoftware.com ↗Patch: www.oracle.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-3242-g4f6-mjm3: Oracle 10g Database Server stores the password for the SYSMAN account in cleartext in the world-readable emoms↗2022-04-29

▶

CVEList

CVE-2004-1366: Oracle 10g Database Server stores the password for the SYSMAN account in cleartext in the world-readable emoms↗2005-01-19

▶