CVE-2002-1578
First published: Tue Mar 16 2004(Updated: )
The default installation of SAP R/3, when using Oracle and SQL*net V2 3.x, 4.x, and 6.10, allows remote attackers to obtain arbitrary, sensitive SAP data by directly connecting to the Oracle database and executing queries against the database, which is not password-protected.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Sap Sap R 3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2002-1578?
CVE-2002-1578 is considered a high severity vulnerability due to the potential for remote attackers to access sensitive SAP data without proper authentication.
How can I fix CVE-2002-1578?
To fix CVE-2002-1578, ensure that the Oracle database is properly secured with a strong password and restrict remote access to the database.
Who is affected by CVE-2002-1578?
Organizations using the default installation of SAP R/3 with Oracle and SQL*net V2 versions 3.x, 4.x, and 6.10 are affected by CVE-2002-1578.
What type of data can be exposed by CVE-2002-1578?
CVE-2002-1578 allows remote attackers to obtain arbitrary, sensitive SAP data stored in the Oracle database.
Is CVE-2002-1578 still a concern today?
Although CVE-2002-1578 was disclosed in 2002, it remains a concern for systems that have not been updated or properly secured against this vulnerability.
- collector/nvd-historical
- vendor/sap
- product/sap r 3
- canonical/sap sap r 3
- collector/nvd-index
- agent/type
- agent/remedy
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/references
- agent/author
- agent/severity
- agent/description
- agent/tags
- agent/first-publish-date
- agent/event
- agent/source