Default Services Enabled in SAP DB Before 7.4.03.30: Information Disclosure and Database Redirection Vulnerability

Default Services Enabled in SAP DB Before 7.4.03.30: Information Disclosure and Database Redirection Vulnerability

CVE-2003-0943 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

web-tools in SAP DB before 7.4.03.30 installs several services that are enabled by default, which could allow remote attackers to obtain potentially sensitive information or redirect attacks against internal databases via (1) waecho, (2) Web SQL Interface (websql), or (3) Web Database Manager (webdbm).

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.