Unrated severityNVD Advisory· Published Jul 18, 2005· Updated Apr 16, 2026

CVE-2005-2292

Description

Oracle JDeveloper 9.0.4, 9.0.5, and 10.1.2 stores cleartext passwords in (1) IDEConnections.xml, (2) XSQLConfig.xml and (3) settings.xml, which allows local users to obtain sensitive information.

Affected products

Oracle Corporation/Jdeveloper3 versions
cpe:2.3:a:oracle:jdeveloper:9.0.4:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:oracle:jdeveloper:9.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdeveloper:9.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdeveloper:10.1.2:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/15991/nvdPatchVendor Advisory
www.oracle.com/technology/deploy/security/pdf/cpujul2005.htmlnvdPatchVendor Advisory
www.red-database-security.com/advisory/oracle_jdeveloper_plaintext_password.htmlnvdVendor Advisory
marc.infonvd
exchange.xforce.ibmcloud.com/vulnerabilities/21342nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000