CVE-2002-1637

Multiple components in Oracle 9i Application Server (9iAS) are installed with over 160 default usernames and passwords, including (1) SYS, (2) SYSTEM, (3) AQJAVA, (4) OWA, (5) IMAGEUSER, (6) USER1, (7) USER2, (8) PLSQL, (9) DEMO, (10) FINANCE, and many others, which allows attackers to gain privileges.

CVSS v2.0 4.6 MEDIUM

4.6^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.nextgenss.com/papers/hpoas.pdf
http://www.kb.cert.org/vuls/id/712723	Third Party Advisory US Government Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/972
https://exchange.xforce.ibmcloud.com/vulnerabilities/971
https://exchange.xforce.ibmcloud.com/vulnerabilities/970
https://exchange.xforce.ibmcloud.com/vulnerabilities/969
https://exchange.xforce.ibmcloud.com/vulnerabilities/968

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:a:oracle:application_server:*:*:*:*:*:*:*:*

Information

Published : 2002-02-25 21:00

Updated : 2017-07-10 18:29

NVD link : CVE-2002-1637

Mitre link : CVE-2002-1637

JSON object : View

CWE

NVD-CWE-noinfo

Advertisement

Products Affected

oracle

application_server

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.nextgenss.com/papers/hpoas.pdf", "name": "http://www.nextgenss.com/papers/hpoas.pdf", "tags": [], "refsource": "MISC"}, {"url": "http://www.kb.cert.org/vuls/id/712723", "name": "VU#712723", "tags": ["Third Party Advisory", "US Government Resource"], "refsource": "CERT-VN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/972", "name": "default-oracle-applsys(972)", "tags": [], "refsource": "XF"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/971", "name": "default-oracle-apps(971)", "tags": [], "refsource": "XF"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/970", "name": "default-oracle-scott(970)", "tags": [], "refsource": "XF"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/969", "name": "default-oracle-sys(969)", "tags": [], "refsource": "XF"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/968", "name": "default-oracle-system(968)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Multiple components in Oracle 9i Application Server (9iAS) are installed with over 160 default usernames and passwords, including (1) SYS, (2) SYSTEM, (3) AQJAVA, (4) OWA, (5) IMAGEUSER, (6) USER1, (7) USER2, (8) PLSQL, (9) DEMO, (10) FINANCE, and many others, which allows attackers to gain privileges."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2002-1637", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2002-02-26T05:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:oracle:application_server:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-11T01:29Z"}