CyberSec.Space Logo
Back to CVE Browser

CVE-2003-1035

HIGH
7.5
CVSS Severity Score
EPSS Score0.1330%
EPSS Percentile29.80th
PublishedApr 15, 2004
Last ModifiedApr 16, 2026

Vulnerability Description

The default installation of SAP R/3 46C/D allows remote attackers to bypass account locking by using the RFC API instead of the SAPGUI to conduct a brute force password guessing attack, which does not lock out the account like the SAPGUI does.

Affected Platforms (CPE)

πŸ“¦
Sap

Sap R 3

All versions
πŸ“¦
Sap

Sapgui

= 4.6c
πŸ“¦
Sap

Sapgui

= 4.6d

References & Advisories

πŸ”— http://lists.grok.org.uk/pipermail/full-disclosure/2003-March/004039.html
πŸ”— http://www.securityfocus.com/archive/1/451378/100/0/threaded
πŸ”— http://www.securityfocus.com/bid/7007
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/11487
πŸ”— http://lists.grok.org.uk/pipermail/full-disclosure/2003-March/004039.html
πŸ”— http://www.securityfocus.com/archive/1/451378/100/0/threaded
πŸ”— http://www.securityfocus.com/bid/7007
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/11487

Related Vulnerabilities

CVE-2020-636410.0

SAP Solution Manager and SAP Focused Run (update provided in WILY_INTRO_ENTERPRISE 9.7, 10.1, 10.5, 10.7), allows an attacker to m...

CVE-2020-2682110.0

SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing ...

CVE-2020-628710.0

SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50, does not perform an authentication check which...

CVE-2020-2682210.0

SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing ...