CVE-2002-1578

Currently unrated

Key Information:

Vendor: SAP
Status: SAP R 3
Vendor: CVE Published:; 15 April 2004

Summary

The default installation of SAP R/3, when using Oracle and SQL*net V2 3.x, 4.x, and 6.10, allows remote attackers to obtain arbitrary, sensitive SAP data by directly connecting to the Oracle database and executing queries against the database, which is not password-protected.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/8972

vdb-entryx_refsource_XF

http://archives.neohapsis.com/archives/bugtraq/2002-04/03...

mailing-listx_refsource_BUGTRAQ

http://www.securityfocus.com/bid/4613

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Apr 15, 2004
Vulnerability Reserved
Mar 15, 2004