Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-1578

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2002-1578
Last Modified 05 Sep 2008 04:30:58
Published 15 Apr 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-1578

Summary

The default installation of SAP R/3, when using Oracle and SQL*net V2 3.x, 4.x, and 6.10, allows remote attackers to obtain arbitrary, sensitive SAP data by directly connecting to the Oracle database and executing queries against the database, which is not password-protected.

Vulnerable Systems

Application

  • Sap R 3


References

XF - sap-db-data-access(8972)

BID - 4613

BUGTRAQ - 20020427 SAP R/3 on Oracle: vulnerable Default Installation


Last Updated: 27 May 2016 10:37:24