Oracle Jdeveloper vulnerabilities

CVE-2016-3504 [CRITICAL] CVE-2016-3504: Unspecified vulnerability in the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.1.7.0, Unspecified vulnerability in the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, 11.1.2.4.0, 12.1.3.0.0, and 12.2.1.0.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to ADF Faces.

CVE-2008-2623 [LOW] CVE-2008-2623: Unspecified vulnerability in the Oracle JDeveloper component in Oracle Application Server 10.1.2.3 a Unspecified vulnerability in the Oracle JDeveloper component in Oracle Application Server 10.1.2.3 allows local users to affect confidentiality via unknown vectors.

CVE-2008-2588 [LOW] CVE-2008-2588: Unspecified vulnerability in the Oracle JDeveloper component in Oracle Application Server 10.1.2.2 a Unspecified vulnerability in the Oracle JDeveloper component in Oracle Application Server 10.1.2.2 allows local users to affect confidentiality via unknown vectors.

CVE-2005-2291 [MEDIUM] CVE-2005-2291: Oracle JDeveloper 9.0.4, 9.0.5, and 10.1.2 passes the cleartext password as a parameter when startin Oracle JDeveloper 9.0.4, 9.0.5, and 10.1.2 passes the cleartext password as a parameter when starting sqlplus, which allows local users to gain sensitive information.

CVE-2005-2292 [LOW] CVE-2005-2292: Oracle JDeveloper 9.0.4, 9.0.5, and 10.1.2 stores cleartext passwords in (1) IDEConnections.xml, (2) Oracle JDeveloper 9.0.4, 9.0.5, and 10.1.2 stores cleartext passwords in (1) IDEConnections.xml, (2) XSQLConfig.xml and (3) settings.xml, which allows local users to obtain sensitive information.