Lucene search

[email protected]NVD:CVE-2018-8032

HistoryAug 02, 2018 - 1:29 p.m.

CVE-2018-8032

2018-08-0213:29:00

CWE-79

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

6.2

Confidence

High

EPSS

0.004

Percentile

72.1%

JSON

Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services.

Affected configurations

Nvd

Node

apacheaxisRange1.0–1.4

Node

oracleagile_engineering_data_managementMatch6.2.1.0

oracleagile_product_lifecycle_management_frameworkMatch9.3.3

oracleapplication_testing_suiteMatch13.2.0.1

oracleapplication_testing_suiteMatch13.3.0.1

oraclebig_data_discoveryMatch1.6

oraclecommunications_asap_cartridgesMatch7.2

oraclecommunications_asap_cartridgesMatch7.3

oraclecommunications_design_studioMatch7.3.4.3.0

oraclecommunications_design_studioMatch7.3.5.5.0

oraclecommunications_design_studioMatch7.4.0.4.0

oraclecommunications_design_studioMatch7.4.1.1.0

oraclecommunications_element_managerMatch8.0.0

oraclecommunications_element_managerMatch8.1.0

oraclecommunications_element_managerMatch8.1.1

oraclecommunications_element_managerMatch8.2.0

oraclecommunications_network_integrityMatch7.3.5

oraclecommunications_network_integrityMatch7.3.6

oraclecommunications_order_and_service_managementMatch7.3.0.0.0

oraclecommunications_order_and_service_managementMatch7.4

oraclecommunications_session_report_managerMatch8.0.0

oraclecommunications_session_report_managerMatch8.1.0

oraclecommunications_session_report_managerMatch8.1.1

oraclecommunications_session_report_managerMatch8.2.0

oraclecommunications_session_route_managerMatch8.0.0

oraclecommunications_session_route_managerMatch8.1.0

oraclecommunications_session_route_managerMatch8.1.1

oraclecommunications_session_route_managerMatch8.2.0

oracleendeca_information_discovery_studioMatch3.2.0

oracleenterprise_manager_base_platformMatch12.1.0.5

oracleenterprise_manager_base_platformMatch13.3.0.0

oracleenterprise_manager_for_fusion_middlewareMatch12.1.0.5

oraclefinancial_services_analytical_applications_infrastructureRange7.3.3–7.3.5

oraclefinancial_services_analytical_applications_infrastructureRange8.0.0–8.0.8

oraclefinancial_services_compliance_regulatory_reportingRange8.0.6–8.0.8

oraclefinancial_services_funds_transfer_pricingRange8.0.2–8.0.7

oracleflexcube_core_bankingMatch11.7.0

oracleflexcube_core_bankingMatch11.8.0

oracleflexcube_core_bankingMatch11.9.0

oracleflexcube_core_bankingMatch11.10.0

oracleflexcube_private_bankingMatch12.0.0

oracleflexcube_private_bankingMatch12.1.0

oraclehospitality_guest_accessMatch4.2.0

oraclehospitality_guest_accessMatch4.2.1

oracleinstantis_enterprisetrackMatch17.1

oracleinstantis_enterprisetrackMatch17.2

oracleinstantis_enterprisetrackMatch17.3

oracleinternet_directoryMatch12.2.1.3.0

oracleinternet_directoryMatch12.2.1.4.0

oracleknowledgeRange8.6.0–8.6.3

oraclepeoplesoft_enterprise_human_capital_management_human_resourcesMatch9.2

oraclepeoplesoft_enterprise_peopletoolsMatch8.56

oraclepeoplesoft_enterprise_peopletoolsMatch8.57

oraclepeoplesoft_enterprise_peopletoolsMatch8.58

oraclepolicy_automation_connector_for_siebelMatch10.4.6

oracleprimavera_gatewayMatch16.2.11

oracleprimavera_gatewayMatch17.12.6

oracleprimavera_unifierRange17.7–17.12

oracleprimavera_unifierMatch16.1

oracleprimavera_unifierMatch16.2

oracleprimavera_unifierMatch18.8

oracleprimavera_unifierMatch19.12

oraclerapid_planningMatch12.1

oraclerapid_planningMatch12.2

oraclereal-time_decision_serverMatch3.2.1.0

oracleretail_order_brokerMatch15.0

oracleretail_order_brokerMatch16.0

oracleretail_order_brokerMatch18.0

oracleretail_xstore_point_of_serviceMatch7.1

oraclesecure_global_desktopMatch5.4

oraclesecure_global_desktopMatch5.5

oraclesiebel_ui_frameworkRange≤21.0

oracletuxedoMatch12.1.1.0.0

oracletuxedoMatch12.1.3

oraclewebcenter_portalMatch12.2.1.3.0

Node

debiandebian_linuxMatch9.0

VendorProductVersionCPE
apacheaxis*cpe:2.3:a:apache:axis:*:*:*:*:*:*:*:*
oracleagile_engineering_data_management6.2.1.0cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:*:*:*:*:*:*:*
oracleagile_product_lifecycle_management_framework9.3.3cpe:2.3:a:oracle:agile_product_lifecycle_management_framework:9.3.3:*:*:*:*:*:*:*
oracleapplication_testing_suite13.2.0.1cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:*:*:*:*:*:*:*
oracleapplication_testing_suite13.3.0.1cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*
oraclebig_data_discovery1.6cpe:2.3:a:oracle:big_data_discovery:1.6:*:*:*:*:*:*:*
oraclecommunications_asap_cartridges7.2cpe:2.3:a:oracle:communications_asap_cartridges:7.2:*:*:*:*:*:*:*
oraclecommunications_asap_cartridges7.3cpe:2.3:a:oracle:communications_asap_cartridges:7.3:*:*:*:*:*:*:*
oraclecommunications_design_studio7.3.4.3.0cpe:2.3:a:oracle:communications_design_studio:7.3.4.3.0:*:*:*:*:*:*:*
oraclecommunications_design_studio7.3.5.5.0cpe:2.3:a:oracle:communications_design_studio:7.3.5.5.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apache	axis	*	cpe:2.3:a:apache:axis::::::::
oracle	agile_engineering_data_management	6.2.1.0	cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:::::::*
oracle	agile_product_lifecycle_management_framework	9.3.3	cpe:2.3:a:oracle:agile_product_lifecycle_management_framework:9.3.3:::::::*
oracle	application_testing_suite	13.2.0.1	cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:::::::*
oracle	application_testing_suite	13.3.0.1	cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:::::::*
oracle	big_data_discovery	1.6	cpe:2.3:a:oracle:big_data_discovery:1.6:::::::*
oracle	communications_asap_cartridges	7.2	cpe:2.3:a:oracle:communications_asap_cartridges:7.2:::::::*
oracle	communications_asap_cartridges	7.3	cpe:2.3:a:oracle:communications_asap_cartridges:7.3:::::::*
oracle	communications_design_studio	7.3.4.3.0	cpe:2.3:a:oracle:communications_design_studio:7.3.4.3.0:::::::*
oracle	communications_design_studio	7.3.5.5.0	cpe:2.3:a:oracle:communications_design_studio:7.3.5.5.0:::::::*