返回 CVE 浏览器

CVE-2010-0219

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.0400%

EPSS Percentile6.41th

Published2010年10月18日

Last Modified2026年4月29日

Vulnerability Description

Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.

Affected Platforms (CPE)

📦

Apache

Axis2

= 1.3

📦

Apache

Axis2

= 1.4

📦

Apache

Axis2

= 1.4.1

📦

Apache

Axis2

= 1.5

📦

Apache

Axis2

= 1.5.1

📦

Apache

Axis2

= 1.5.2

📦

Apache

Axis2

= 1.6

📦

Sap

Businessobjects

= 3.2

References & Advisories

🔗 http://retrogod.altervista.org/9sg_ca_d2d.html

🔗 http://secunia.com/advisories/41799

🔗 http://secunia.com/advisories/42763

🔗 http://spl0it.org/files/talks/source_barcelona10/Hacking%20SAP%20BusinessObjects.pdf

🔗 http://www.exploit-db.com/exploits/15869

🔗 http://www.kb.cert.org/vuls/id/989719

🔗 http://www.osvdb.org/70233

🔗 http://www.rapid7.com/security-center/advisories/R7-0037.jsp

相关漏洞威胁

CVE-2018-1472110.0

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by ...

CVE-2018-193609.8

FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the ax...

CVE-2010-16327.5

Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Servic...

CVE-2019-02277.5

A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Secur...