Oracle JDeveloper 9.0.4, 9.0.5, and 10.1.2 passes the cleartext password as a parameter when starting sqlplus, which allows local users to gain sensitive information.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
oracle jdeveloper 9.0.4 |
||
oracle jdeveloper 9.0.5 |
||
oracle jdeveloper 10.1.2 |