Oracle FormsBuilder Vulnerability Exposes Sensitive User Data
CVE-2005-2293

5.5MEDIUM

Key Information:

Vendor

Oracle
Status
Forms Builder
Vendor
CVE Published:
18 July 2005

What is CVE-2005-2293?

Oracle FormsBuilder 9.0.4 is susceptible to a vulnerability where sensitive database usernames and passwords are stored in temporary files. These files are not deleted after use, allowing local users to easily access and retrieve sensitive information from the file system. This flaw potentially compromises user credentials and poses a significant risk for unauthorized access to the database, stressing the importance of proper file handling and security measures in application development.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/21343
vdb-entryx_refsource_XF
http://secunia.com/advisories/15991/
third-party-advisoryx_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=112129452232307&w=2
mailing-listx_refsource_BUGTRAQ

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.