ID |
CVE-2010-0219
|
Summary |
Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service. |
References |
|
Vulnerable Configurations |
-
cpe:2.3:a:apache:axis2:1.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:axis2:1.3:*:*:*:*:*:*:*
-
cpe:2.3:a:apache:axis2:1.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:axis2:1.4:*:*:*:*:*:*:*
-
cpe:2.3:a:apache:axis2:1.4.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:axis2:1.4.1:*:*:*:*:*:*:*
-
cpe:2.3:a:apache:axis2:1.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:axis2:1.5:*:*:*:*:*:*:*
-
cpe:2.3:a:apache:axis2:1.5.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:axis2:1.5.1:*:*:*:*:*:*:*
-
cpe:2.3:a:apache:axis2:1.5.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:axis2:1.5.2:*:*:*:*:*:*:*
-
cpe:2.3:a:apache:axis2:1.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:axis2:1.6:*:*:*:*:*:*:*
-
cpe:2.3:a:sap:businessobjects:3.2:*:enterprise_xi:*:*:*:*:*
cpe:2.3:a:sap:businessobjects:3.2:*:enterprise_xi:*:*:*:*:*
|
CVSS |
Base: | 10.0 (as of 10-10-2018 - 19:51) |
Impact: | |
Exploitability: | |
|
CWE |
CWE-255 |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
NETWORK |
LOW |
NONE |
|
Impact |
Confidentiality | Integrity | Availability |
COMPLETE |
COMPLETE |
COMPLETE |
|
cvss-vector
via4
|
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
refmap
via4
|
bugtraq | 20101014 R7-0037: SAP BusinessObjects Axis2 Default Admin Password | cert-vn | VU#989719 | confirm | https://kb.juniper.net/KB27373 | exploit-db | 15869 | misc | | osvdb | 70233 | sectrack | 1024929 | secunia | | vupen | ADV-2010-2673 | xf | businessobjects-dswsbobje-security-bypass(62523) |
|
saint
via4
|
bid | 45625 | description | HP Universal CMDB Server Axis2 default password | id | misc_hpuniversalcmdbpwd | osvdb | 70233 | title | hp_ucmdb_svr_axis2_defaultcred | type | remote |
bid | 45625 | description | CA ARCserve D2D Axis2 default password | id | misc_arcservecategory_d2d | osvdb | 70233 | title | brightstor_arcserve_d2d_axis2_pass | type | remote |
|
Last major update |
10-10-2018 - 19:51 |
Published |
18-10-2010 - 17:00 |
Last modified |
10-10-2018 - 19:51 |