CVE Details for CVE: CVE-2002-1637
Summary
Multiple components in Oracle 9i Application Server (9iAS) are installed with over 160 default usernames and passwords, including (1) SYS, (2) SYSTEM, (3) AQJAVA, (4) OWA, (5) IMAGEUSER, (6) USER1, (7) USER2, (8) PLSQL, (9) DEMO, (10) FINANCE, and many others, which allows attackers to gain privileges.
| Timestamps | |
|---|---|
| Last major update | 11-07-2017 - 01:29 |
| Published | 26-02-2002 - 05:00 |
| Last modified | 11-07-2017 - 01:29 |
References
- http://www.nextgenss.com/papers/hpoas.pdf
- http://www.kb.cert.org/vuls/id/712723
- https://exchange.xforce.ibmcloud.com/vulnerabilities/972
- https://exchange.xforce.ibmcloud.com/vulnerabilities/971
- https://exchange.xforce.ibmcloud.com/vulnerabilities/970
- https://exchange.xforce.ibmcloud.com/vulnerabilities/969
- https://exchange.xforce.ibmcloud.com/vulnerabilities/968
CWE
CVSS
Base
4.6
Impact
6.4
Exploitability
3.9
Access
| Vector | Complexity | Authentication |
|---|---|---|
| LOCAL | LOW | NONE |
Impact
| Confidentiality | Integrity | Availability |
|---|---|---|
| PARTIAL | PARTIAL | PARTIAL |
CVSS3
None
VIA4 references
cvss-vector
via4
refmap
via4
| cert-vn | VU#712723 |
| misc | http://www.nextgenss.com/papers/hpoas.pdf |
| xf |