CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2005-2291

Oracle JDeveloper 9.0.4, 9.0.5, and 10.1.2 passes the cleartext password as a parameter when starting sqlplus, which allows local users to gain sensitive information.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.008

EPSS Ranking 73.4%

CVSS Severity

CVSS v2 Score 4.6

References

http://marc.info/?l=bugtraq&m=112129082323341&w=2
http://www.red-database-security.com/advisory/oracle_jdeveloper_passes_plaintext_password.html
http://marc.info/?l=bugtraq&m=112129082323341&w=2
http://www.red-database-security.com/advisory/oracle_jdeveloper_passes_plaintext_password.html

Products affected by CVE-2005-2291

Oracle » Jdeveloper » Version: 10.1.2

cpe:2.3:a:oracle:jdeveloper:10.1.2
Oracle » Jdeveloper » Version: 9.0.4

cpe:2.3:a:oracle:jdeveloper:9.0.4
Oracle » Jdeveloper » Version: 9.0.5

cpe:2.3:a:oracle:jdeveloper:9.0.5

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2005-2291

Products

Pricing

Contact Us