SAP R/3 used with Oracle could allow an attacker to access SAP data
SECURITY (Intermediate alert)
원본출처 : http://www.iss.net/security_center/static/8972.php
Description:
SAP is a financial package that runs on top of Oracle databases. SAP R/3 using SQL*net V2 could allow a remote attacker to access SAP data. Upon default installation of SAP R/3 on an Oracle database, an attacker on the local network could access the Oracle listener port on the database host to read, write, or modify SAP data.
Platforms Affected:
Oracle: All Versions
SAP R/3: All Versions
Remedy:
No remedy available as of May 2002.
Refer to the BugTraq Mailing List posting dated Apr 27 2002 7:06AM for workaround information. See References.
Consequences:
Gain Access
References:
BugTraq Mailing List, Apr 27 2002 7:06AM, "SAP R/3 on Oracle: vulnerable Default Installation" at http://online.securityfocus.com/archive/1/269967
Standards associated with this entry:
BID-4613: SAP R/3 with Oracle Unauthorized Data Access Vulnerability
Reported:
April 27 2002.
|