Oracle: >> Jdeveloper >> 10.1.2 Security Vulnerabilities
Oracle JDeveloper 9.0.4, 9.0.5, and 10.1.2 passes the cleartext password as a parameter when starting sqlplus, which allows local users to gain sensitive information.
CVSS Score
4.6
EPSS Score
0.008
Published
2005-07-18
Oracle JDeveloper 9.0.4, 9.0.5, and 10.1.2 stores cleartext passwords in (1) IDEConnections.xml, (2) XSQLConfig.xml and (3) settings.xml, which allows local users to obtain sensitive information.
CVSS Score
2.1
EPSS Score
0.003
Published
2005-07-18