CVSS: 5.8EPSS: 0%CPEs: 7EXPL: 0CVE-2017-3255
https://notcve.org/view.php?id=CVE-2017-3255
27 Jan 2017 — Vulnerability in the Oracle JDeveloper component of Oracle Fusion Middleware (subcomponent: ADF Faces). Supported versions that are affected are 11.1.1.7.0, 11.1.1.9.0, 11.1.2.4.0, 12.1.3.0.0, 12.2.1.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle JDeveloper. While the vulnerability is in Oracle JDeveloper, attacks may significantly impact additional products. Successful attacks of this vulnerability can resul... • http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 2%CPEs: 5EXPL: 0CVE-2016-3504
https://notcve.org/view.php?id=CVE-2016-3504
21 Jul 2016 — Unspecified vulnerability in the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, 11.1.2.4.0, 12.1.3.0.0, and 12.2.1.0.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to ADF Faces. Vulnerabilidad no especificada en el componente Oracle JDeveloper en Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, 11.1.2.4.0, 12.1.3.0.0 y 12.2.1.0.0 permite a atacantes remotos afectar la confidencialidad, la integridad y la disponibilidad a ... • http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2008-2623
https://notcve.org/view.php?id=CVE-2008-2623
14 Jan 2009 — Unspecified vulnerability in the Oracle JDeveloper component in Oracle Application Server 10.1.2.3 allows local users to affect confidentiality via unknown vectors. Vulnerabilidad no especificada en el componente Oracle JDeveloper en Oracle Application Server 10.1.2.3 permite a usuarios locales afectar la confidencialidad mediante vectores desconocidos. • http://secunia.com/advisories/33525 •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2008-2588
https://notcve.org/view.php?id=CVE-2008-2588
14 Oct 2008 — Unspecified vulnerability in the Oracle JDeveloper component in Oracle Application Server 10.1.2.2 allows local users to affect confidentiality via unknown vectors. Vulnerabilidad no especificada en el componente Oracle JDeveloper en Oracle Application Server v10.1.2.2 permite a usuarios locales afectar a la confidencialidad a través de vectores desconocidos. • http://secunia.com/advisories/32291 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2005-2291
https://notcve.org/view.php?id=CVE-2005-2291
17 Jul 2005 — Oracle JDeveloper 9.0.4, 9.0.5, and 10.1.2 passes the cleartext password as a parameter when starting sqlplus, which allows local users to gain sensitive information. Oracle JDeveloper 9.0.4, 9.0.5, y 10.1.2 pasa el password en texto plano como parámetro cuando arranca "sqlplus", lo que permite que usuarios locales obtengan información confidencial. • http://marc.info/?l=bugtraq&m=112129082323341&w=2 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2005-2292
https://notcve.org/view.php?id=CVE-2005-2292
17 Jul 2005 — Oracle JDeveloper 9.0.4, 9.0.5, and 10.1.2 stores cleartext passwords in (1) IDEConnections.xml, (2) XSQLConfig.xml and (3) settings.xml, which allows local users to obtain sensitive information. Oracle JDeveloper 9.0.4, 9.0.5, y 10.1.2 almacena passwords como texto plano en 1) IDEConnections.xml, (2) XSQLConfig.xml y (3) settings.xml. Esto permite que usuarios locales obtengan información confidencial. • http://marc.info/?l=bugtraq&m=112129177927502&w=2 •