Strix
26.1K

CVE-2004-1367

UnknownEPSS 7.27%

Last modified

CVE-2004-1367 is a vulnerability of currently unknown severity. Oracle 10g Database Server, when installed with a password that contains an exclamation point ("!") for the (1) DBSNMP or (2) SYSMAN user, generates an error that logs the password in the world-readable postDBCreation.log file, which could allow local users to obtain that password and use it against SYS or SYSTEM accounts, which may have been installed with the same password.. EPSS estimates a 7.27% chance of exploitation in the next 30 days.

Description

Oracle 10g Database Server, when installed with a password that contains an exclamation point ("!") for the (1) DBSNMP or (2) SYSMAN user, generates an error that logs the password in the world-readable postDBCreation.log file, which could allow local users to obtain that password and use it against SYS or SYSTEM accounts, which may have been installed with the same password.

Metrics

EPSS Probability
7.27%

93.6th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
OracleApplication ServerAll versions
OracleApplication Server9.0.2
OracleApplication Server9.0.2.0.0
OracleApplication Server9.0.2.0.1
OracleApplication Server9.0.2.1
OracleApplication Server9.0.2.2
OracleApplication Server9.0.2.3
OracleApplication Server9.0.3
OracleApplication Server9.0.3.1
OracleApplication Server9.0.4
OracleApplication Server9.0.4.0
OracleApplication Server9.0.4.1
OracleCollaboration Suiterelease_1
OracleE-Business Suite11.5.1
OracleE-Business Suite11.5.2
OracleE-Business Suite11.5.3
OracleE-Business Suite11.5.4
OracleE-Business Suite11.5.5
OracleE-Business Suite11.5.6
OracleE-Business Suite11.5.7
OracleE-Business Suite11.5.8
OracleE-Business Suite11.5.9
OracleEnterprise Manager9
OracleEnterprise Manager9.0.1
OracleEnterprise Manager Database Control10.1.2
OracleEnterprise Manager Grid Control10.1.0.2
OracleOracle10genterprise_9.0.4_.0
OracleOracle10genterprise_10.1.0.2
OracleOracle10gpersonal_9.0.4_.0
OracleOracle10gpersonal_10.1_.0.2
OracleOracle10gstandard_9.0.4_.0
OracleOracle10gstandard_10.1_.0.2
OracleOracle8ienterprise_8.0.5_.0.0
OracleOracle8ienterprise_8.0.6_.0.0
OracleOracle8ienterprise_8.0.6_.0.1
OracleOracle8ienterprise_8.1.5_.0.0
OracleOracle8ienterprise_8.1.5_.0.2
OracleOracle8ienterprise_8.1.5_.1.0
OracleOracle8ienterprise_8.1.6_.0.0
OracleOracle8ienterprise_8.1.6_.1.0
OracleOracle8ienterprise_8.1.7_.0.0
OracleOracle8ienterprise_8.1.7_.1.0
OracleOracle8ienterprise_8.1.7_.4
OracleOracle8istandard_8.0.6
OracleOracle8istandard_8.0.6_.3
OracleOracle8istandard_8.1.5
OracleOracle8istandard_8.1.6
OracleOracle8istandard_8.1.7
OracleOracle8istandard_8.1.7_.0.0
OracleOracle8istandard_8.1.7_.1

Showing 50 of 87 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2004-1367?
Oracle 10g Database Server, when installed with a password that contains an exclamation point ("!") for the (1) DBSNMP or (2) SYSMAN user, generates an error that logs the password in the world-readable postDBCreation.log file, which could allow local users to obtain that password and use it against SYS or SYSTEM accounts, which may have been installed with the same password.
How severe is CVE-2004-1367?
Severity scoring for CVE-2004-1367 is pending analysis. The EPSS model estimates a 7.27% probability of exploitation in the next 30 days.
How do I fix CVE-2004-1367?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2004-1367?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST