// For flags

CVE-2010-0219

Axis2 - (Authenticated) Code Execution (via REST)

Severity Score

9.8
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

8
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.

Axis2 de Apache, tal y como es usado en dswsbobje.war en SAP BusinessObjects Enterprise XI versión 3.2, CA ARCserve D2D r15 y otros productos, tiene una contraseña por defecto de axis2 para la cuenta de administrador, lo que facilita a los atacantes remotos ejecutar código arbitrario mediante la carga de un servicio web especialmente diseñado.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2010-01-06 CVE Reserved
  • 2010-10-18 CVE Published
  • 2010-12-14 First Exploit
  • 2024-08-07 CVE Updated
  • 2024-12-17 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-255: Credentials Management Errors
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Apache
Search vendor "Apache"
Axis2
Search vendor "Apache" for product "Axis2"
1.3
Search vendor "Apache" for product "Axis2" and version "1.3"
-
Affected
in Sap
Search vendor "Sap"
Businessobjects
Search vendor "Sap" for product "Businessobjects"
3.2
Search vendor "Sap" for product "Businessobjects" and version "3.2"
enterprise_xi
Affected
Apache
Search vendor "Apache"
Axis2
Search vendor "Apache" for product "Axis2"
1.4
Search vendor "Apache" for product "Axis2" and version "1.4"
-
Affected
in Sap
Search vendor "Sap"
Businessobjects
Search vendor "Sap" for product "Businessobjects"
3.2
Search vendor "Sap" for product "Businessobjects" and version "3.2"
enterprise_xi
Affected
Apache
Search vendor "Apache"
Axis2
Search vendor "Apache" for product "Axis2"
1.4.1
Search vendor "Apache" for product "Axis2" and version "1.4.1"
-
Affected
in Sap
Search vendor "Sap"
Businessobjects
Search vendor "Sap" for product "Businessobjects"
3.2
Search vendor "Sap" for product "Businessobjects" and version "3.2"
enterprise_xi
Affected
Apache
Search vendor "Apache"
Axis2
Search vendor "Apache" for product "Axis2"
1.5
Search vendor "Apache" for product "Axis2" and version "1.5"
-
Affected
in Sap
Search vendor "Sap"
Businessobjects
Search vendor "Sap" for product "Businessobjects"
3.2
Search vendor "Sap" for product "Businessobjects" and version "3.2"
enterprise_xi
Affected
Apache
Search vendor "Apache"
Axis2
Search vendor "Apache" for product "Axis2"
1.5.1
Search vendor "Apache" for product "Axis2" and version "1.5.1"
-
Affected
in Sap
Search vendor "Sap"
Businessobjects
Search vendor "Sap" for product "Businessobjects"
3.2
Search vendor "Sap" for product "Businessobjects" and version "3.2"
enterprise_xi
Affected
Apache
Search vendor "Apache"
Axis2
Search vendor "Apache" for product "Axis2"
1.5.2
Search vendor "Apache" for product "Axis2" and version "1.5.2"
-
Affected
in Sap
Search vendor "Sap"
Businessobjects
Search vendor "Sap" for product "Businessobjects"
3.2
Search vendor "Sap" for product "Businessobjects" and version "3.2"
enterprise_xi
Affected
Apache
Search vendor "Apache"
Axis2
Search vendor "Apache" for product "Axis2"
1.6
Search vendor "Apache" for product "Axis2" and version "1.6"
-
Affected
in Sap
Search vendor "Sap"
Businessobjects
Search vendor "Sap" for product "Businessobjects"
3.2
Search vendor "Sap" for product "Businessobjects" and version "3.2"
enterprise_xi
Affected