4.6

CVE-2004-1366

Exploit

Oracle 10g Database Server stores the password for the SYSMAN account in cleartext in the world-readable emoms.properties file, which could allow local users to gain DBA privileges.

Data is provided by the National Vulnerability Database (NVD)
OracleApplication Server Version9.0.2
OracleApplication Server Version9.0.2.0.0
OracleApplication Server Version9.0.2.0.1
OracleApplication Server Version9.0.2.1
OracleApplication Server Version9.0.2.2
OracleApplication Server Version9.0.2.3
OracleApplication Server Version9.0.3
OracleApplication Server Version9.0.3.1
OracleApplication Server Version9.0.4
OracleApplication Server Version9.0.4.0
OracleApplication Server Version9.0.4.1
OracleCollaboration Suite Versionrelease_1
OracleE-business Suite Version11.5.1
OracleE-business Suite Version11.5.2
OracleE-business Suite Version11.5.3
OracleE-business Suite Version11.5.4
OracleE-business Suite Version11.5.5
OracleE-business Suite Version11.5.6
OracleE-business Suite Version11.5.7
OracleE-business Suite Version11.5.8
OracleE-business Suite Version11.5.9
OracleEnterprise Manager Version9
OracleEnterprise Manager Version9.0.1
OracleOracle10g Versionenterprise_9.0.4_.0
OracleOracle10g Versionenterprise_10.1.0.2
OracleOracle10g Versionpersonal_9.0.4_.0
OracleOracle10g Versionpersonal_10.1_.0.2
OracleOracle10g Versionstandard_9.0.4_.0
OracleOracle10g Versionstandard_10.1_.0.2
OracleOracle8i Versionenterprise_8.0.5_.0.0
OracleOracle8i Versionenterprise_8.0.6_.0.0
OracleOracle8i Versionenterprise_8.0.6_.0.1
OracleOracle8i Versionenterprise_8.1.5_.0.0
OracleOracle8i Versionenterprise_8.1.5_.0.2
OracleOracle8i Versionenterprise_8.1.5_.1.0
OracleOracle8i Versionenterprise_8.1.6_.0.0
OracleOracle8i Versionenterprise_8.1.6_.1.0
OracleOracle8i Versionenterprise_8.1.7_.0.0
OracleOracle8i Versionenterprise_8.1.7_.1.0
OracleOracle8i Versionenterprise_8.1.7_.4
OracleOracle8i Versionstandard_8.0.6
OracleOracle8i Versionstandard_8.0.6_.3
OracleOracle8i Versionstandard_8.1.5
OracleOracle8i Versionstandard_8.1.6
OracleOracle8i Versionstandard_8.1.7
OracleOracle8i Versionstandard_8.1.7_.0.0
OracleOracle8i Versionstandard_8.1.7_.1
OracleOracle8i Versionstandard_8.1.7_.4
OracleOracle9i Versionclient_9.2.0.1
OracleOracle9i Versionclient_9.2.0.2
OracleOracle9i Versionenterprise_8.1.7
OracleOracle9i Versionenterprise_9.0.1
OracleOracle9i Versionenterprise_9.0.1.4
OracleOracle9i Versionenterprise_9.0.1.5
OracleOracle9i Versionenterprise_9.2.0
OracleOracle9i Versionenterprise_9.2.0.1
OracleOracle9i Versionenterprise_9.2.0.2
OracleOracle9i Versionenterprise_9.2.0.3
OracleOracle9i Versionenterprise_9.2.0.4
OracleOracle9i Versionenterprise_9.2.0.5
OracleOracle9i Versionpersonal_8.1.7
OracleOracle9i Versionpersonal_9.0.1
OracleOracle9i Versionpersonal_9.0.1.4
OracleOracle9i Versionpersonal_9.0.1.5
OracleOracle9i Versionpersonal_9.2
OracleOracle9i Versionpersonal_9.2.0.1
OracleOracle9i Versionpersonal_9.2.0.2
OracleOracle9i Versionpersonal_9.2.0.3
OracleOracle9i Versionpersonal_9.2.0.4
OracleOracle9i Versionpersonal_9.2.0.5
OracleOracle9i Versionstandard_8.1.7
OracleOracle9i Versionstandard_9.0
OracleOracle9i Versionstandard_9.0.1
OracleOracle9i Versionstandard_9.0.1.2
OracleOracle9i Versionstandard_9.0.1.3
OracleOracle9i Versionstandard_9.0.1.4
OracleOracle9i Versionstandard_9.0.1.5
OracleOracle9i Versionstandard_9.0.2
OracleOracle9i Versionstandard_9.2
OracleOracle9i Versionstandard_9.2.0.1
OracleOracle9i Versionstandard_9.2.0.2
OracleOracle9i Versionstandard_9.2.0.3
OracleOracle9i Versionstandard_9.2.0.4
OracleOracle9i Versionstandard_9.2.0.5
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.3% 0.498
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 4.6 3.9 6.4
AV:L/AC:L/Au:N/C:P/I:P/A:P
http://www.us-cert.gov/cas/techalerts/TA04-245A.html
Patch
Third Party Advisory
US Government Resource