Default Password Vulnerability in Oracle Database's catsnmp Component
CVE-2002-0858

Currently unrated

Key Information:

Vendor: Oracle
Status: Oracle9i; Oracle8i
Vendor: CVE Published:; 5 September 2002

What is CVE-2002-0858?

The catsnmp component in Oracle Database 9i and 8i is configured with a default dbsnmp user account and a default password. This misconfiguration allows attackers to perform restricted database operations, potentially gaining unauthorized access to sensitive database resources and escalating privileges.

References

http://marc.info/?l=bugtraq&m=102918005402808&w=2

mailing-listx_refsource_BUGTRAQ

http://www.iss.net/security_center/static/9932.php

vdb-entryx_refsource_XF

http://www.osvdb.org/9476

vdb-entryx_refsource_OSVDB

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 5, 2002
Vulnerability Reserved
Aug 15, 2002