Description

Multiple components in Oracle 9i Application Server (9iAS) are installed with over 160 default usernames and passwords, including (1) SYS, (2) SYSTEM, (3) AQJAVA, (4) OWA, (5) IMAGEUSER, (6) USER1, (7) USER2, (8) PLSQL, (9) DEMO, (10) FINANCE, and many others, which allows attackers to gain privileges.

Remediation

References

CVE-2002-1637

Related Vulnerabilities

Moodle Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2010-1615)

WebLogic CVE-2020-2811 Vulnerability (CVE-2020-2811)

WordPress Plugin GlotPress Information Disclosure (2.2.1)

WordPress Plugin Print My Blog-Print, PDF, & eBook Converter Cross-Site Request Forgery (3.4.1)

PHP Out-of-bounds Read Vulnerability (CVE-2017-11147)

Severity

Medium

Classification

CVE-2002-1637

Tags

Missing Update Known Vulnerabilities