Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2003-1035


Vulnerability Score 7.5 7.5
CVE Id CVE-2003-1035
Last Modified 10 Sep 2008 03:21:33
Published 15 Apr 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE



The default installation of SAP R/3 46C/D allows remote attackers to bypass account locking by using the RFC API instead of the SAPGUI to conduct a brute force password guessing attack, which does not lock out the account like the SAPGUI does.

Vulnerable Systems


  • Sap R 3

  • Sapgui 4.6c

  • Sapgui 4.6d


XF - sap-sapinfo-lockout-bypass(11487)

BID - 7007

FULLDISC - 20030304 SAP R/3, account locking and RFC SDK

BUGTRAQ - 20061112 Old SAP exploits

Last Updated: 27 May 2016 10:38:09