CyberSec.Space Logo
Back to CVE Browser

CVE-2010-0219

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0400%
EPSS Percentile6.41th
PublishedOct 18, 2010
Last ModifiedApr 29, 2026

Vulnerability Description

Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.

Affected Platforms (CPE)

πŸ“¦
Apache

Axis2

= 1.3
πŸ“¦
Apache

Axis2

= 1.4
πŸ“¦
Apache

Axis2

= 1.4.1
πŸ“¦
Apache

Axis2

= 1.5
πŸ“¦
Apache

Axis2

= 1.5.1
πŸ“¦
Apache

Axis2

= 1.5.2
πŸ“¦
Apache

Axis2

= 1.6
πŸ“¦
Sap

Businessobjects

= 3.2

References & Advisories

πŸ”— http://retrogod.altervista.org/9sg_ca_d2d.html
πŸ”— http://secunia.com/advisories/41799
πŸ”— http://secunia.com/advisories/42763
πŸ”— http://spl0it.org/files/talks/source_barcelona10/Hacking%20SAP%20BusinessObjects.pdf
πŸ”— http://www.exploit-db.com/exploits/15869
πŸ”— http://www.kb.cert.org/vuls/id/989719
πŸ”— http://www.osvdb.org/70233
πŸ”— http://www.rapid7.com/security-center/advisories/R7-0037.jsp

Related Vulnerabilities

CVE-2018-1472110.0

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by ...

CVE-2018-193609.8

FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the ax...

CVE-2010-16327.5

Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Servic...

CVE-2019-02277.5

A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Secur...