CVE-2002-1637

Multiple components in Oracle 9i Application Server (9iAS) are installed with over 160 default usernames and passwords, including (1) SYS, (2) SYSTEM, (3) AQJAVA, (4) OWA, (5) IMAGEUSER, (6) USER1, (7) USER2, (8) PLSQL, (9) DEMO, (10) FINANCE, and many others, which allows attackers to gain privileges.

Published: Feb 26, 2002
Updated: Apr 13, 2023
CVE: CVE-2002-1637
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.6
AV:L/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
oracle / application_server	-	-

http://www.kb.cert.org/vuls/id/712723
http://www.nextgenss.com/papers/hpoas.pdf
https://exchange.xforce.ibmcloud.com/vulnerabilities/968
https://exchange.xforce.ibmcloud.com/vulnerabilities/969
https://exchange.xforce.ibmcloud.com/vulnerabilities/970
https://exchange.xforce.ibmcloud.com/vulnerabilities/971
https://exchange.xforce.ibmcloud.com/vulnerabilities/972

Vulnerability Database

289,599

CVE-2002-1637