Lucene search

[email protected]NVD:CVE-2002-1578

HistoryApr 15, 2004 - 4:00 a.m.

CVE-2002-1578

2004-04-1504:00:00

[email protected]

web.nvd.nist.gov

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

6.2

Confidence

Low

EPSS

0.016

Percentile

87.6%

JSON

The default installation of SAP R/3, when using Oracle and SQL*net V2 3.x, 4.x, and 6.10, allows remote attackers to obtain arbitrary, sensitive SAP data by directly connecting to the Oracle database and executing queries against the database, which is not password-protected.

Affected configurations

Nvd

Node

sapsap_r_3

VendorProductVersionCPE
sapsap_r_3*cpe:2.3:a:sap:sap_r_3:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sap	sap_r_3	*	cpe:2.3:a:sap:sap_r_3::::::::

References

archives.neohapsis.com/archives/bugtraq/2002-04/0387.html

www.securityfocus.com/bid/4613

exchange.xforce.ibmcloud.com/vulnerabilities/8972

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

6.2

Confidence

Low

EPSS

0.016

Percentile

87.6%

JSON

Related for NVD:CVE-2002-1578

cvelist1 cve1