CVE-2003-0943
CVE-2003-0943 is a high-severity vulnerability in Sap Sap Db with a CVSS 2.0 base score of 7.5. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low.
Key facts
- Severity: High (CVSS 2.0 base score 7.5)
- EPSS exploit prediction: 1% (71st percentile)
- Actively exploited: Not listed in CISA KEV
- Affected product: Sap Sap Db
- Published:
- Last modified:
Description
web-tools in SAP DB before 7.4.03.30 installs several services that are enabled by default, which could allow remote attackers to obtain potentially sensitive information or redirect attacks against internal databases via (1) waecho, (2) Web SQL Interface (websql), or (3) Web Database Manager (webdbm).
Frequently asked questions
- What is CVE-2003-0943?
- web-tools in SAP DB before 7.4.03.30 installs several services that are enabled by default, which could allow remote attackers to obtain potentially sensitive information or redirect attacks against internal databases via (1) waecho, (2) Web SQL Interface (websql), or (3) Web Database Manager (webdbm).
- How severe is CVE-2003-0943?
- CVE-2003-0943 has a CVSS 2.0 base score of 7.5, rated high severity.
- Is CVE-2003-0943 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 1% (71st percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2003-0943?
- CVE-2003-0943 affects Sap Sap Db. See the affected-products list for the exact vulnerable versions.
- How do I fix CVE-2003-0943?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its high severity, prioritise patching exposed systems.
- When was CVE-2003-0943 published?
- CVE-2003-0943 was published on 2003-12-15 and last updated on 2026-06-16.
References
Affected products (1)
- cpe:2.3:a:sap:sap_db:*:*:*:*:*:*:*:*
More vulnerabilities in Sap Sap Db
- CVE-2007-3614 — High (CVSS 7.5): Multiple stack-based buffer overflows in waHTTP.exe (aka the SAP DB Web Server) in SAP DB, possibly 7.3 through 7.5,…
- CVE-2003-0939 — High (CVSS 7.5): eo420_GetStringFromVarPart in veo420.c for SAP database server (SAP DB) 7.4.03.27 and earlier may allow remote…
- CVE-2003-0945 — High (CVSS 7.5): The Web Database Manager in web-tools for SAP DB before 7.4.03.30 generates predictable session IDs, which allows…
- CVE-2003-0944 — High (CVSS 7.5): Buffer overflow in the WAECHO default service in web-tools in SAP DB before 7.4.03.30 allows remote attackers to…
- CVE-2003-0942 — High (CVSS 7.5): Buffer overflow in Web Agent Administration service in web-tools for SAP DB before 7.4.03.30 allows remote attackers to…
- CVE-2003-0941 — High (CVSS 7.5): web-tools in SAP DB before 7.4.03.30 allows remote attackers to access the Web Agent Administration pages and modify…