Database Vulnerability in SAP R/3 with Oracle Database
CVE-2002-1578

Currently unrated

Key Information:

Vendor: SAP
Status: SAP R 3
Vendor: CVE Published:; 15 April 2004

What is CVE-2002-1578?

The default setup of SAP R/3, specifically when paired with Oracle and SQL*net V2 versions 3.x, 4.x, and 6.10, creates a significant risk by permitting remote attackers to connect directly to the underlying Oracle database. This allows unauthorized users to execute queries and access sensitive SAP data without proper authentication, due to the absence of password protection within the database configuration. This oversight can lead to data breaches and exploitation of sensitive information.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/8972

vdb-entryx_refsource_XF

http://archives.neohapsis.com/archives/bugtraq/2002-04/03...

mailing-listx_refsource_BUGTRAQ

http://www.securityfocus.com/bid/4613

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Apr 15, 2004
Vulnerability Reserved
Mar 15, 2004