PT-2004-1130 · Oracle+1 · Oracle+2
Published: 2004-03-16 · Updated: 2017-07-11
CVE-2002-1578
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
SAP R/3 versions using Oracle and SQL*net V2 3.x, 4.x, and 6.10
Description
The issue allows remote attackers to obtain arbitrary, sensitive SAP data by directly connecting to the Oracle database and executing queries against it, as the database is not password-protected.
Recommendations
For SAP R/3 using Oracle and SQL*net V2 3.x, 4.x, and 6.10, consider implementing password protection for the Oracle database to prevent unauthorized access.
As a temporary workaround, restrict direct connections to the Oracle database until a more secure configuration can be implemented.
Affected Products
Oracle
SAP R/3
SQL*Net