CyberSec.Space Logo
返回 CVE 浏览器

CVE-2003-1035

HIGH
7.5
CVSS Severity Score
EPSS Score0.1330%
EPSS Percentile29.80th
Published2004年4月15日
Last Modified2026年4月16日

Vulnerability Description

The default installation of SAP R/3 46C/D allows remote attackers to bypass account locking by using the RFC API instead of the SAPGUI to conduct a brute force password guessing attack, which does not lock out the account like the SAPGUI does.

Affected Platforms (CPE)

📦
Sap

Sap R 3

All versions
📦
Sap

Sapgui

= 4.6c
📦
Sap

Sapgui

= 4.6d

References & Advisories

🔗 http://lists.grok.org.uk/pipermail/full-disclosure/2003-March/004039.html
🔗 http://www.securityfocus.com/archive/1/451378/100/0/threaded
🔗 http://www.securityfocus.com/bid/7007
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/11487
🔗 http://lists.grok.org.uk/pipermail/full-disclosure/2003-March/004039.html
🔗 http://www.securityfocus.com/archive/1/451378/100/0/threaded
🔗 http://www.securityfocus.com/bid/7007
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/11487

相关漏洞威胁

CVE-2020-636410.0

SAP Solution Manager and SAP Focused Run (update provided in WILY_INTRO_ENTERPRISE 9.7, 10.1, 10.5, 10.7), allows an attacker to m...

CVE-2020-2682110.0

SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing ...

CVE-2020-628710.0

SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50, does not perform an authentication check which...

CVE-2020-2682210.0

SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing ...