Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-2134Oracle Application Server vulnerability

4 documents4 sources
Severity
4.6MEDIUMNVD
EPSS
3.8%
top 11.87%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Oracle Application Server
Timeline
PublishedJan 28
Latest updateApr 29

Description

Oracle toplink mapping workBench uses a weak encryption algorithm for passwords, which allows local users to decrypt the passwords.

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages1 packages

NVDoracle/application_server7 versions+6

🔴Vulnerability Details

2
GHSA
GHSA-cqv9-2wf5-qwrw: Oracle toplink mapping workBench uses a weak encryption algorithm for passwords, which allows local users to decrypt the passwords2022-04-29
CVEList
CVE-2004-2134: Oracle toplink mapping workBench uses a weak encryption algorithm for passwords, which allows local users to decrypt the passwords2005-05-27

💥Exploits & PoCs

1
Exploit-DB
OracleAS TopLink Mapping Workbench - Weak Encryption Algorithm2004-01-28
CVE-2004-2134 — Oracle Application Server vulnerability | cvebase