Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-1578


Vulnerability Score 7.5 7.5
CVE Id CVE-2002-1578
Last Modified 05 Sep 2008 04:30:58
Published 15 Apr 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE



The default installation of SAP R/3, when using Oracle and SQL*net V2 3.x, 4.x, and 6.10, allows remote attackers to obtain arbitrary, sensitive SAP data by directly connecting to the Oracle database and executing queries against the database, which is not password-protected.

Vulnerable Systems


  • Sap R 3


XF - sap-db-data-access(8972)

BID - 4613

BUGTRAQ - 20020427 SAP R/3 on Oracle: vulnerable Default Installation

Last Updated: 27 May 2016 10:37:24