CVE-2002-1578
SAP R/3 - Unauthenticated Sensitive Data Exposure via Oracle Database Direct Connection
Title source: llmDescription
The default installation of SAP R/3, when using Oracle and SQL*net V2 3.x, 4.x, and 6.10, allows remote attackers to obtain arbitrary, sensitive SAP data by directly connecting to the Oracle database and executing queries against the database, which is not password-protected.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/8972
Exploit, Patch, Vendor Advisory mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2002-04/0387.html
Exploit, Patch, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/4613
Scores
EPSS
0.0086
EPSS Percentile
75.2%
Details
Status
published
Products (1)
sap/sap_r_3
Published
Apr 15, 2004
Tracked Since
Feb 18, 2026