Oracle JDeveloper 9.0.4, 9.0.5, and 10.1.2 stores cleartext passwords in (1) IDEConnections.xml, (2) XSQLConfig.xml and (3) settings.xml, which allows local users to obtain sensitive information.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
oracle jdeveloper 9.0.4 |
||
oracle jdeveloper 9.0.5 |
||
oracle jdeveloper 10.1.2 |