CVE-2003-1035
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
15/04/2004
Last modified:
03/04/2025
Description
The default installation of SAP R/3 46C/D allows remote attackers to bypass account locking by using the RFC API instead of the SAPGUI to conduct a brute force password guessing attack, which does not lock out the account like the SAPGUI does.
Impact
Base Score 2.0
7.50
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:sap:sap_r_3:*:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:sapgui:4.6c:*:windows:*:*:*:*:* | ||
| cpe:2.3:a:sap:sapgui:4.6d:*:windows:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://lists.grok.org.uk/pipermail/full-disclosure/2003-March/004039.html
- http://www.securityfocus.com/archive/1/451378/100/0/threaded
- http://www.securityfocus.com/bid/7007
- https://exchange.xforce.ibmcloud.com/vulnerabilities/11487
- http://lists.grok.org.uk/pipermail/full-disclosure/2003-March/004039.html
- http://www.securityfocus.com/archive/1/451378/100/0/threaded
- http://www.securityfocus.com/bid/7007
- https://exchange.xforce.ibmcloud.com/vulnerabilities/11487