CVSS: 5.8EPSS: 0%CPEs: 7EXPL: 0CVE-2017-3255
https://notcve.org/view.php?id=CVE-2017-3255
Vulnerability in the Oracle JDeveloper component of Oracle Fusion Middleware (subcomponent: ADF Faces). Supported versions that are affected are 11.1.1.7.0, 11.1.1.9.0, 11.1.2.4.0, 12.1.3.0.0, 12.2.1.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle JDeveloper. While the vulnerability is in Oracle JDeveloper, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle JDeveloper accessible data. • http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html http://www.securityfocus.com/bid/95543 http://www.securitytracker.com/id/1037631 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2016-3504
https://notcve.org/view.php?id=CVE-2016-3504
Unspecified vulnerability in the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, 11.1.2.4.0, 12.1.3.0.0, and 12.2.1.0.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to ADF Faces. Vulnerabilidad no especificada en el componente Oracle JDeveloper en Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, 11.1.2.4.0, 12.1.3.0.0 y 12.2.1.0.0 permite a atacantes remotos afectar la confidencialidad, la integridad y la disponibilidad a través de vectores relacionados con ADF Faces. • http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html http://www.securityfocus.com/bid/91787 http://www.securityfocus.com/bid/92023 http://www.securitytracker.com/id/1036370 •
CVSS: 2.1EPSS: 0%CPEs: 1EXPL: 0CVE-2008-2623
https://notcve.org/view.php?id=CVE-2008-2623
Unspecified vulnerability in the Oracle JDeveloper component in Oracle Application Server 10.1.2.3 allows local users to affect confidentiality via unknown vectors. Vulnerabilidad no especificada en el componente Oracle JDeveloper en Oracle Application Server 10.1.2.3 permite a usuarios locales afectar la confidencialidad mediante vectores desconocidos. • http://secunia.com/advisories/33525 http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html http://www.securityfocus.com/bid/33177 http://www.securitytracker.com/id?1021572 http://www.vupen.com/english/advisories/2009/0115 •
CVSS: 2.1EPSS: 0%CPEs: 1EXPL: 0CVE-2008-2588
https://notcve.org/view.php?id=CVE-2008-2588
Unspecified vulnerability in the Oracle JDeveloper component in Oracle Application Server 10.1.2.2 allows local users to affect confidentiality via unknown vectors. Vulnerabilidad no especificada en el componente Oracle JDeveloper en Oracle Application Server v10.1.2.2 permite a usuarios locales afectar a la confidencialidad a través de vectores desconocidos. • http://secunia.com/advisories/32291 http://www.oracle.com/technetwork/topics/security/cpuoct2008-100299.html http://www.securitytracker.com/id?1021054 http://www.vupen.com/english/advisories/2008/2825 https://exchange.xforce.ibmcloud.com/vulnerabilities/45877 •
CVSS: 4.6EPSS: 0%CPEs: 3EXPL: 0CVE-2005-2291
https://notcve.org/view.php?id=CVE-2005-2291
Oracle JDeveloper 9.0.4, 9.0.5, and 10.1.2 passes the cleartext password as a parameter when starting sqlplus, which allows local users to gain sensitive information. Oracle JDeveloper 9.0.4, 9.0.5, y 10.1.2 pasa el password en texto plano como parámetro cuando arranca "sqlplus", lo que permite que usuarios locales obtengan información confidencial. • http://marc.info/?l=bugtraq&m=112129082323341&w=2 http://www.red-database-security.com/advisory/oracle_jdeveloper_passes_plaintext_password.html •