Описание
The default installation of SAP R/3 46C/D allows remote attackers to bypass account locking by using the RFC API instead of the SAPGUI to conduct a brute force password guessing attack, which does not lock out the account like the SAPGUI does.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:sap:sap_r_3:*:*:*:*:*:*:*:*
cpe:2.3:a:sap:sapgui:4.6c:*:windows:*:*:*:*:*
cpe:2.3:a:sap:sapgui:4.6d:*:windows:*:*:*:*:*
EPSS
Процентиль: 58%
0.00363
Низкий
7.5 High
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
The default installation of SAP R/3 46C/D allows remote attackers to bypass account locking by using the RFC API instead of the SAPGUI to conduct a brute force password guessing attack, which does not lock out the account like the SAPGUI does.
EPSS
Процентиль: 58%
0.00363
Низкий
7.5 High
CVSS2
Дефекты
NVD-CWE-Other