CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
AI Score
Confidence
High
EPSS
Percentile
72.1%
Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services.
Vendor | Product | Version | CPE |
---|---|---|---|
apache | axis | * | cpe:2.3:a:apache:axis:*:*:*:*:*:*:*:* |
oracle | agile_engineering_data_management | 6.2.1.0 | cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:*:*:*:*:*:*:* |
oracle | agile_product_lifecycle_management_framework | 9.3.3 | cpe:2.3:a:oracle:agile_product_lifecycle_management_framework:9.3.3:*:*:*:*:*:*:* |
oracle | application_testing_suite | 13.2.0.1 | cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:*:*:*:*:*:*:* |
oracle | application_testing_suite | 13.3.0.1 | cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:* |
oracle | big_data_discovery | 1.6 | cpe:2.3:a:oracle:big_data_discovery:1.6:*:*:*:*:*:*:* |
oracle | communications_asap_cartridges | 7.2 | cpe:2.3:a:oracle:communications_asap_cartridges:7.2:*:*:*:*:*:*:* |
oracle | communications_asap_cartridges | 7.3 | cpe:2.3:a:oracle:communications_asap_cartridges:7.3:*:*:*:*:*:*:* |
oracle | communications_design_studio | 7.3.4.3.0 | cpe:2.3:a:oracle:communications_design_studio:7.3.4.3.0:*:*:*:*:*:*:* |
oracle | communications_design_studio | 7.3.5.5.0 | cpe:2.3:a:oracle:communications_design_studio:7.3.5.5.0:*:*:*:*:*:*:* |
mail-archives.apache.org/mod_mbox/axis-java-dev/201807.mbox/%3CJIRA.13170716.1531060536000.93536.1531060560060%40Atlassian.JIRA%3E
issues.apache.org/jira/browse/AXIS-2924
lists.apache.org/thread.html/3b89bc9e9d055db7eba8835ff6501f3f5db99d2a0928ec0be9b1d17b%40%3Cjava-dev.axis.apache.org%3E
lists.apache.org/thread.html/d06ed5e4eeb77d00e8d594ec01ee8ee1cba173a01ac4b18f1579d041%40%3Cjava-dev.axis.apache.org%3E
lists.debian.org/debian-lts-announce/2021/11/msg00015.html
security.netapp.com/advisory/ntap-20240621-0006/
www.oracle.com/security-alerts/cpuapr2020.html
www.oracle.com/security-alerts/cpuApr2021.html
www.oracle.com/security-alerts/cpuapr2022.html
www.oracle.com/security-alerts/cpujan2020.html
www.oracle.com/security-alerts/cpujan2021.html
www.oracle.com/security-alerts/cpujul2020.html
www.oracle.com/security-alerts/cpujul2022.html
www.oracle.com/security-alerts/cpuoct2021.html
www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
AI Score
Confidence
High
EPSS
Percentile
72.1%