Oracle JDeveloper 9.0.4, 9.0.5, and 10.1.2 passes the cleartext password as a parameter when starting sqlplus, which allows local users to gain sensitive information.

Threat-Mapped Scoring

Score: 3.0

Priority: P2 - Serious (High)

• S1 – Steal Customer Account Information

EPSS

Score: 0.00798
Percentile: 0.73035

CVSS Scoring

Affected Products

• cpe:2.3:a:oracle:jdeveloper:9.0.4:*:*:*:*:*:*:*
• cpe:2.3:a:oracle:jdeveloper:9.0.5:*:*:*:*:*:*:*
• cpe:2.3:a:oracle:jdeveloper:10.1.2:*:*:*:*:*:*:*

← Back to Home