CVE-2002-1637

Sažetak

Multiple components in Oracle 9i Application Server (9iAS) are installed with over 160 default usernames and passwords, including (1) SYS, (2) SYSTEM, (3) AQJAVA, (4) OWA, (5) IMAGEUSER, (6) USER1, (7) USER2, (8) PLSQL, (9) DEMO, (10) FINANCE, and many others, which allows attackers to gain privileges.

Reference

http://www.kb.cert.org/vuls/id/712723
http://www.nextgenss.com/papers/hpoas.pdf
https://exchange.xforce.ibmcloud.com/vulnerabilities/968
https://exchange.xforce.ibmcloud.com/vulnerabilities/969
https://exchange.xforce.ibmcloud.com/vulnerabilities/970
https://exchange.xforce.ibmcloud.com/vulnerabilities/971
https://exchange.xforce.ibmcloud.com/vulnerabilities/972

CVSS

Base:	4.6
Impact:	6.4
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:L/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

11-07-2017 - 01:29

Objavljeno

26-02-2002 - 05:00