CVE-2005-2292

Опубликовано: 18 июл. 2005

Источник: nvd

CVSS2: 2.1

EPSS Низкий

Описание

Oracle JDeveloper 9.0.4, 9.0.5, and 10.1.2 stores cleartext passwords in (1) IDEConnections.xml, (2) XSQLConfig.xml and (3) settings.xml, which allows local users to obtain sensitive information.

Ссылки

http://marc.info/?l=bugtraq&m=112129177927502&w=2
http://secunia.com/advisories/15991/
Patch
Vendor Advisory
http://www.oracle.com/technology/deploy/security/pdf/cpujul2005.html
Patch
Vendor Advisory
http://www.red-database-security.com/advisory/oracle_jdeveloper_plaintext_password.html
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/21342
http://marc.info/?l=bugtraq&m=112129177927502&w=2
http://secunia.com/advisories/15991/
Patch
Vendor Advisory
http://www.oracle.com/technology/deploy/security/pdf/cpujul2005.html
Patch
Vendor Advisory
http://www.red-database-security.com/advisory/oracle_jdeveloper_plaintext_password.html
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/21342

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:oracle:jdeveloper:9.0.4:*:*:*:*:*:*:*

cpe:2.3:a:oracle:jdeveloper:9.0.5:*:*:*:*:*:*:*

cpe:2.3:a:oracle:jdeveloper:10.1.2:*:*:*:*:*:*:*

EPSS

Процентиль: 56%

0.00331

Низкий

2.1 Low

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-vhm2-37q8-p9f4

github

почти 4 года назад