Vulnerabilities > CVE-2003-0943 - Information Disclosure vulnerability in Sap Db

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

sap

NVD

Published: 2003-12-15

Updated: 2008-09-05

Summary

web-tools in SAP DB before 7.4.03.30 installs several services that are enabled by default, which could allow remote attackers to obtain potentially sensitive information or redirect attacks against internal databases via (1) waecho, (2) Web SQL Interface (websql), or (3) Web Database Manager (webdbm).

Vulnerable Configurations

Part	Description	Count
Application	Sap SAP SAP DB *	1

References

http://www.atstake.com/research/advisories/2003/a111703-2.txt