Security Bulletin: Apache axis.jar is present in older Statistics releases that use IBM SPSS C&DS
Summary Apache Axis is vulnerable to server-side request forgery, caused by improper input validation by the service admin HTTP API. By sending a specially crafted request, an attacker could exploit this vulnerability to conduct an SSRF attack. Customers using IBM SPSS Statistics versions 26-29 wi...
Security Bulletin: Apache Axis1 CVE-2023-40743 security vulnerability in FileNet Content Manager, Process Engine Process Orchestration
Summary Apache Axis1 CVE-2023-40743 security vulnerability in FileNet Content Manager, Process Engine Process Orchestration. Affected, not vulnerable. Vulnerability Details CVEID:CVE-2023-40743 DESCRIPTION: UNSUPPORTED WHEN ASSIGNED When integrating Apache Axis 1.x in an application, it may not...
Security Bulletin: IBM Sterling Control Center is affected by vulnerabilities in Apache Axis, CKEditor4 & IBM MQ (CVE-2014-3596, CVE-2018-8032, CVE-2019-0227, CVE-2012-5784, CVE-2021-38986, CVE-2022-22321, CVE-2023-28439)
Summary IBM Sterling Control Center is affected by vulnerabilities in Apache Axis, CKEditor4 & IBM MQ. Customers must upgrade to the latest patch below to address this vulnerability. Vulnerability Details CVEID:CVE-2014-3596 DESCRIPTION: Apache Axis and Axis2 could allow a remote attacker to condu...
Linux Distros Unpatched Vulnerability : CVE-2014-3596
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The getCN function in Apache Axis 1.4 and earlier does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or...
Linux Distros Unpatched Vulnerability : CVE-2019-0227
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits...
Linux Distros Unpatched Vulnerability : CVE-2018-8032
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services. (CVE-2018-8032) Note that Nessus relie...
Security Bulletin: IBM B2B Sterling Integrator is affected by Apache Axis vulnerability to server-side request forgery
Summary IBM B2B Sterling Integrator is affected by Apache Axis vulnerability to server-side request forgery. Vulnerability Details CVEID:CVE-2023-51441 DESCRIPTION: Apache Axis is vulnerable to server-side request forgery, caused by improper input validation by the service admin HTTP API. By...
Security Bulletin: Multiple Vulnerabilities in Apache Axis affect Cloud Pak System
Summary Vulnerabilities in Apache Axis affect Cloud Pak System (CVE-2012-5784, CVE-2014-3596). Vulnerability Details CVEID:CVE-2012-5784 DESCRIPTION: Apache Axis 1.4, as used in multiple products, could allow a remote attacker to conduct spoofing attacks, caused by the failure to verify that the...
RHEL 6 : axis (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - axis: Hard coded domain name in example web service named StockQuoteService.jws leading to remote code...
RHEL 5 : axis (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - axis: Hard coded domain name in example web service named StockQuoteService.jws leading to remote code...
Security Bulletin: Vulnerabilities have been identified with the DS8900F Hardware Management Console (HMC)
Summary The updates indicated below have been released to address the following vulnerabilities: CVE-2023-46169 Arbitrary file deletion, CVE-2023-46171 view sensitive log information, CVE-2023-46172 Bypass authentication restrictions for authorized user, CVE-2023-46170 Arbitrary file read,...
Improper Input Validation
Apache Axis is vulnerable to Improper Input Validation. The vulnerability is caused by improper input validation in the getService method within ServiceFactory.java. This can potentially lead to Denial of Service, Server-Side Request Forgery, or Remote Code Execution attacks...
SUSE SLES12 Security Update : axis (SUSE-SU-2024:0851-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:0851-1 advisory. - CVE-2023-51441: Fixed SSRF when untrusted input is passed to the service admin HTTP API bsc1218605. Tenable has extracted the preceding...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : axis (SUSE-SU-2024:0852-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:0852-1 advisory. - CVE-2023-51441: Fixed SSRF when untrusted input is passed to the service admin HTTP API bsc1218605...
Security Bulletin: Vulnerabilities in Apache Axis, Apache Shiro and SnakeYAML affect IBM WebSphere Service Registry and Repository
Summary An arbitrary code execution vulnerability in Apache Axis (CVE-2023-40743), an authentication bypass vulnerability in Apache Shiro (CVE-2023-34478) and several vulnerabilities in SnakeYAML, including a remote code execution vulnerability (CVE-2022-1471), affect IBM WebSphere Service Registry and Repositor...
CVE-2022-34269
An issue was discovered in RWS WorldServer before 11.7.3. An authenticated, remote attacker can perform a ws-legacy/loaddtd?systemid= blind SSRF attack to deploy JSP code to the Apache Axis service running on the localhost interface, leading to command execution...
Server side request forgery (ssrf)
An issue was discovered in RWS WorldServer before 11.7.3. An authenticated, remote attacker can perform a ws-legacy/loaddtd?systemid= blind SSRF attack to deploy JSP code to the Apache Axis service running on the localhost interface, leading to command execution...
Security Bulletin: Vulnerabilities in Linux Kernel and Apache Axis can affect IBM Storage Protect Plus
Summary IBM Storage Protect Plus can be affected by vulnerabilities in Linux kernel and Apache Axis. Vulnerabilities include obtaining sensitive information, gaining elevated privileges, executing arbitrary commands, denial of service, and bypassing security restrictions, as described by the CVEs...
Security Bulletin: IBM Sterling Control Center is vulnerable to denial of service attack due to Apache Axis (CVE-2023-40743)
Summary IBM Sterling Control Center uses Apache Axis. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-40743 DESCRIPTION: Apache Axis could allow a remote attacker to execute arbitrary code on the system, caused by improper input...
Apache Axis Code Issue Vulnerability
Apache Axis is an open source, XML-based Web services architecture from the Apache Foundation (United States). The product contains a SOAP server implemented in the Java and C++ languages, as well as a variety of utility services and APIs to generate and deploy Web services applications. A...