CVE-2005-2291

3 documents3 sources
Severity
4.6MEDIUM
EPSS
0.8%
top 25.99%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Oracle Jdeveloper
Timeline
PublishedJul 18
Latest updateMay 1

Description

Oracle JDeveloper 9.0.4, 9.0.5, and 10.1.2 passes the cleartext password as a parameter when starting sqlplus, which allows local users to gain sensitive information.

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages1 packages

NVDoracle/jdeveloper10.1.2, 9.0.4, 9.0.5+2

Patches

Patch: www.red-database-security.comPatch: www.red-database-security.com

🔴Vulnerability Details

2
GHSA
GHSA-vm8x-w2mq-hvv9: Oracle JDeveloper 92022-05-01
CVEList
CVE-2005-2291: Oracle JDeveloper 92005-07-17
CVE-2005-2291 (MEDIUM CVSS 4.6) | Oracle JDeveloper 9.0.4 | cvebase.io