
224 matches found

IBM Security Bulletins
added 2025/03/25 3:4 p.m. | 10 views

Security Bulletin: Apache axis.jar is present in older Statistics releases that use IBM SPSS C&DS

Summary: Apache Axis is vulnerable to server-side request forgery, caused by improper input validation by the service admin HTTP API. By sending a specially crafted request, an attacker could exploit this vulnerability to conduct an SSRF attack. Customers using IBM SPSS Statistics versions 26-29 wi...

CVSS 7.2 | AI score 6.5 | EPSS 0.01213
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/03/20 4:49 p.m. | 19 views

Security Bulletin: Apache Axis1 CVE-2023-40743 security vulnerability in FileNet Content Manager, Process Engine Process Orchestration

Summary Apache Axis1 CVE-2023-40743 security vulnerability in FileNet Content Manager, Process Engine Process Orchestration. Affected, not vulnerable. Vulnerability Details CVEID:CVE-2023-40743 DESCRIPTION: UNSUPPORTED WHEN ASSIGNED When integrating Apache Axis 1.x in an application, it may not...

CVSS 9.8 | AI score 6.8 | EPSS 0.01931
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/03/19 3:11 p.m. | 14 views

Security Bulletin: IBM Sterling Control Center is affected by vulnerabilities in Apache Axis, CKEditor4 & IBM MQ (CVE-2014-3596, CVE-2018-8032, CVE-2019-0227, CVE-2012-5784, CVE-2021-38986, CVE-2022-22321, CVE-2023-28439)

Summary: IBM Sterling Control Center is affected by vulnerabilities in Apache Axis, CKEditor4 & IBM MQ. Customers must upgrade to the latest patch below to address this vulnerability. Vulnerability Details CVEID: CVE-2014-3596 DESCRIPTION: Apache Axis and Axis2 could allow a remote attacker to condu...

CVSS 7.5 | AI score 7.5 | EPSS 0.86503
Exploits 8 | Affected Software 1

Tenable Nessus
added 2025/03/04 12:0 a.m. | 8 views

Linux Distros Unpatched Vulnerability : CVE-2014-3596

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The getCN function in Apache Axis 1.4 and earlier does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or...

CVSS 5.8 | AI score 6.6 | EPSS 0.05806
Exploits 1 | References 1

Tenable Nessus
added 2025/03/04 12:0 a.m. | 11 views

Linux Distros Unpatched Vulnerability : CVE-2019-0227

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits...

CVSS 7.5 | AI score 6.7 | EPSS 0.86503
Exploits 7 | References 4

Tenable Nessus
added 2025/03/04 12:0 a.m. | 14 views

Linux Distros Unpatched Vulnerability : CVE-2018-8032

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services. (CVE-2018-8032) Note that Nessus relie...

CVSS 6.1 | AI score 6.7 | EPSS 0.10554
Exploits 0 | References 3

IBM Security Bulletins
added 2024/11/14 4:32 p.m. | 21 views

Security Bulletin: IBM B2B Sterling Integrator is affected by Apache Axis vulnerability to server-side request forgery

Summary: IBM B2B Sterling Integrator is affected by Apache Axis vulnerability to server-side request forgery. Vulnerability Details CVEID: CVE-2023-51441 DESCRIPTION: Apache Axis is vulnerable to server-side request forgery, caused by improper input validation by the service admin HTTP API. By...

CVSS 7.2 | AI score 6.3 | EPSS 0.01213
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2024/07/31 9:51 p.m. | 27 views

Security Bulletin: Multiple Vulnerabilities in Apache Axis affect Cloud Pak System

Summary: Vulnerabilities in Apache Axis affect Cloud Pak System (CVE-2012-5784, CVE-2014-3596). Vulnerability Details CVEID: CVE-2012-5784 DESCRIPTION: Apache Axis 1.4, as used in multiple products, could allow a remote attacker to conduct spoofing attacks, caused by the failure to verify that the...

CVSS 5.8 | AI score 8 | EPSS 0.05806
Exploits 1 | Affected Software 1

Tenable Nessus
added 2024/06/03 12:0 a.m. | 25 views

RHEL 6 : axis (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - axis: Hard coded domain name in example web service named StockQuoteService.jws leading to remote code...

CVSS 7.5 | AI score 7.1 | EPSS 0.86503
Exploits 7 | References 2

Tenable Nessus
added 2024/06/03 12:0 a.m. | 30 views

RHEL 5 : axis (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - axis: Hard coded domain name in example web service named StockQuoteService.jws leading to remote code...

CVSS 7.5 | AI score 7.2 | EPSS 0.86503
Exploits 7 | References 2

IBM Security Bulletins
added 2024/04/06 12:29 a.m. | 39 views

Security Bulletin: Vulnerabilities have been identified with the DS8900F Hardware Management Console (HMC)

Summary: The updates indicated below have been released to address the following vulnerabilities: CVE-2023-46169 Arbitrary file deletion, CVE-2023-46171 view sensitive log information, CVE-2023-46172 Bypass authentication restrictions for authorized user, CVE-2023-46170 Arbitrary file read,...

CVSS 9.8 | AI score 8.6 | EPSS 0.01931
Exploits 0 | Affected Software 4

Veracode
added 2024/04/04 6:39 a.m. | 32 views

Improper Input Validation

Apache Axis is vulnerable to Improper Input Validation. The vulnerability is caused by improper input validation in the getService method within ServiceFactory.java. This can potentially lead to Denial of Service, Server Side Request Forgery, or Remote Code Execution attacks...

CVSS 9.8 | AI score 7.2 | EPSS 0.01931
Exploits 0 | References 4 | Affected Software 1

Tenable Nessus
added 2024/03/13 12:0 a.m. | 28 views

SUSE SLES12 Security Update : axis (SUSE-SU-2024:0851-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:0851-1 advisory. - CVE-2023-51441: Fixed SSRF when untrusted input is passed to the service admin HTTP API bsc1218605. Tenable has extracted the preceding...

CVSS 7.2 | AI score 7.1 | EPSS 0.01213
Exploits 0 | References 4

Tenable Nessus
added 2024/03/13 12:0 a.m. | 36 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : axis (SUSE-SU-2024:0852-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:0852-1 advisory. - CVE-2023-51441: Fixed SSRF when untrusted input is passed to the service admin HTTP API bsc1218605...

CVSS 7.2 | AI score 7.1 | EPSS 0.01213
Exploits 0 | References 4

IBM Security Bulletins
added 2024/03/05 4:54 p.m. | 72 views

Security Bulletin: Vulnerabilities in Apache Axis, Apache Shiro and SnakeYAML affect IBM WebSphere Service Registry and Repository

Summary: An arbitrary code execution vulnerability in Apache Axis (CVE-2023-40743), an authentication bypass vulnerability in Apache Shiro (CVE-2023-34478) and several vulnerabilities in SnakeYAML incl. a remote code execution vulnerability (CVE-2022-1471) affect IBM WebSphere Service Registry and Repositor...

CVSS 9.8 | AI score 10 | EPSS 0.99615
Exploits 11 | Affected Software 1

NVD
added 2024/02/29 1:35 a.m. | 10 views

CVE-2022-34269

An issue was discovered in RWS WorldServer before 11.7.3. An authenticated, remote attacker can perform a ws-legacy/loaddtd?systemid= blind SSRF attack to deploy JSP code to the Apache Axis service running on the localhost interface, leading to command execution...

CVSS 8.8 | AI score 7 | EPSS 0.01712
Exploits 1 | References 2

Prion
added 2024/02/29 1:35 a.m. | 25 views

Server side request forgery (ssrf)

An issue was discovered in RWS WorldServer before 11.7.3. An authenticated, remote attacker can perform a ws-legacy/loaddtd?systemid= blind SSRF attack to deploy JSP code to the Apache Axis service running on the localhost interface, leading to command execution...

AI score 7.9 | EPSS 0.01712
Exploits 1 | References 2

IBM Security Bulletins
added 2024/01/31 11:50 a.m. | 39 views

Security Bulletin: Vulnerabilities in Linux Kernel and Apache Axis can affect IBM Storage Protect Plus

Summary IBM Storage Protect Plus can be affected by vulnerabilities in Linux kernel and Apache Axis. Vulnerabilities include obtaining sensitive information, gaining elevated privileges, executing arbitrary commands, denial of service, and bypassing security restrictions, as described by the CVEs...

CVSS 8.8 | AI score 9.2 | EPSS 0.09141
Exploits 2 | Affected Software 1

IBM Security Bulletins
added 2024/01/31 9:0 a.m. | 36 views

Security Bulletin: IBM Sterling Control Center is vulnerable to denial of service attack due to Apache Axis (CVE-2023-40743)

Summary IBM Sterling Control Center uses Apache Axis. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-40743 DESCRIPTION: Apache Axis could allow a remote attacker to execute arbitrary code on the system, caused by improper input...

CVSS 9.8 | AI score 9.8 | EPSS 0.01931
Exploits 0 | Affected Software 1

CNVD
added 2024/01/11 12:0 a.m. | 9 views

Apache Axis Code Issue Vulnerability

Apache Axis is an open source, XML-based Web services architecture from the Apache Foundation (United States). The product contains a SOAP server implemented in Java and C++, as well as a variety of utility services and APIs to generate and deploy Web services applications. A...

CVSS 7.2 | AI score 6.6 | EPSS 0.01213
Exploits 0 | References 1