CVE-2003-1035

Severity: 7.5 HIGH
EPSS: 0.4% (top 41.64%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Apr 15
Latest update: Apr 29

Description

The default installation of SAP R/3 46C/D allows remote attackers to bypass account locking by using the RFC API instead of the SAPGUI to conduct a brute force password guessing attack, which does not lock out the account like the SAPGUI does.

CVSS vector

AV:N/AC:L/C:P/I:P/A:P
Exploitability: 10.0 | Impact: 6.4

Affected Packages (1 package)

NVD: sap/sapgui 4.6c, 4.6d (+1)

Vulnerability Details (2)

GHSA (2022-04-29): GHSA-7gm9-wv4c-x6h8: The default installation of SAP R/3 46C/D allows remote attackers to bypass account locking by using the RFC API instead of the SAPGUI to conduct a br
CVEList (2004-03-16): CVE-2003-1035: The default installation of SAP R/3 46C/D allows remote attackers to bypass account locking by using the RFC API instead of the SAPGUI to conduct a br