Vulnerabilities > CVE-2002-1578 - Unspecified vulnerability in SAP R 3

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

sap

NVD

Published: 2004-04-15

Updated: 2024-11-20

Summary

The default installation of SAP R/3, when using Oracle and SQL*net V2 3.x, 4.x, and 6.10, allows remote attackers to obtain arbitrary, sensitive SAP data by directly connecting to the Oracle database and executing queries against the database, which is not password-protected.

Vulnerable Configurations

Part	Description	Count
Application	Sap SAP SAP R 3 *	1

References

http://archives.neohapsis.com/archives/bugtraq/2002-04/0387.html
http://archives.neohapsis.com/archives/bugtraq/2002-04/0387.html
http://www.securityfocus.com/bid/4613
http://www.securityfocus.com/bid/4613
https://exchange.xforce.ibmcloud.com/vulnerabilities/8972
https://exchange.xforce.ibmcloud.com/vulnerabilities/8972