Lucene search

[email protected]CVE-2002-1578

HistoryApr 15, 2004 - 4:00 a.m.

CVE-2002-1578

2004-04-1504:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

sap

r/3

installation

remote attackers

sensitive data

oracle

sql*net

cve-2002-1578

7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.016 Low

EPSS

Percentile

87.4%

JSON

The default installation of SAP R/3, when using Oracle and SQL*net V2 3.x, 4.x, and 6.10, allows remote attackers to obtain arbitrary, sensitive SAP data by directly connecting to the Oracle database and executing queries against the database, which is not password-protected.

CPENameOperatorVersion
sap:sap_r_3sap sap r 3eq*

CPE	Name	Operator	Version
sap:sap_r_3	sap sap r 3	eq	*

References

archives.neohapsis.com/archives/bugtraq/2002-04/0387.html

www.securityfocus.com/bid/4613

exchange.xforce.ibmcloud.com/vulnerabilities/8972

7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.016 Low

EPSS

Percentile

87.4%

JSON