CVE-2002-1578
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2002-1578
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
The default installation of SAP R/3, when using Oracle and SQL*net V2 3.x, 4.x, and 6.10, allows remote attackers to obtain arbitrary, sensitive SAP data by directly connecting to the Oracle database and executing queries against the database, which is not password-protected.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
ORACLE SAP R/3未授权数据访问漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
SAP一套针对所有企业的一种数据和应用集成企业管理软件,可使用在多种Linux和Unix操作系统下,也可使用在Microsoft Windows操作系统下。 ORACLE的SAP R/3默认安装存在缺陷,可导致远程攻击者未授权访问SAP数据。 每个可以访问数据库主机的Oracle Listener端口的攻击者,通过数据库主机的IP地址和系统ID(SID)结合无需授权就可以读/写/修改任意SAP数据,数据库主机的IP地址和系统ID(SID)可以通过包嗅探、社会工程学或对SAP R/3运行sapinfo等方法
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | n/a | n/a | - |
II. Public POCs for CVE-2002-1578
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2002-1578
Please Login to view more intelligence information
Same Patch Batch · n/a · 2004-03-16 · 21 CVEs total
| CVE-2003-1033 | SAP数据库开发工具INSTDBMSRV INSTROOT环境变量漏洞 | |
| CVE-2004-0224 | Courier多个远程缓冲区溢出漏洞 | |
| CVE-2004-0217 | Symantec AntiVirus Scan Engine For Red Hat Linux不安全临时文件漏洞 | |
| CVE-2004-0107 | Sysstat/lsag以不安全方式创建临时文件漏洞 | |
| CVE-2003-1039 | SAP缓冲区溢出漏洞 | |
| CVE-2003-1038 | SAP Internet Transaction Server (ITS)组件漏洞 | |
| CVE-2003-1037 | SAP Internet Transaction Server (ITS)格式化字符串漏洞 | |
| CVE-2003-1036 | SAP Internet Transaction Server(ITS)缓冲区溢出漏洞 | |
| CVE-2003-1035 | SAP R/3 sapinfo RFC API帐户锁定漏洞 | |
| CVE-2003-1034 | SAP DB RPM安装文件全局可写漏洞 | |
| CVE-2002-1576 | SAP DB本地符号链接漏洞 | |
| CVE-2003-0594 | Mozilla Browser Cookie路径限制绕过漏洞 | |
| CVE-2003-0593 | Opera 路径遍历漏洞 | |
| CVE-2003-0592 | 多个供应商的互联网浏览器的cookie路径参数权限绕过漏洞 | |
| CVE-2003-0514 | 多个供应商的互联网浏览器的cookie路径参数限制绕过漏洞 | |
| CVE-2003-0513 | Microsoft Internet Explorer 安全漏洞 | |
| CVE-2003-0257 | IBM AIX打印子系统多个未明安全漏洞 | |
| CVE-2003-0202 | Metrics不安全本地文件创建漏洞 | |
| CVE-2002-1579 | SAP SAPgui远程拒绝服务攻击漏洞 | |
| CVE-2002-1577 | 默认用户和密码客户端提升特权漏洞 |
IV. Related Vulnerabilities
Same vendor: n/a
- CVE-2026-8196
JeecgBoot mLogin Endpoint LoginController.java authorization - CVE-2026-8195
JeecgBoot SVG File CommonController.java cross site scriptin - CVE-2026-8194
osTicket Dispatcher class.dispatcher.php cross-site request - CVE-2026-8193
Akaunting Invoice PDF Rendering dompdf.php server-side reque - CVE-2026-8186
Open5GS NF client.c ogs_sbi_client_send_via_scp_or_sepp out-
V. Comments for CVE-2002-1578
No comments yet