Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-0219

CWE-255 | 8 documents | 6 sources
Severity: 10.0 CRITICAL
EPSS: 93.4% (top 0.18%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline: Published Oct 18 | Latest update May 2

Description

Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.

CVSS vector

AV:N/AC:L/C:C/I:C/A:C
Exploitability: 10.0 | Impact: 10.0

Affected Packages (2 packages)

NVD: apache/axis2, 7 versions (+6)

Patches

🔴 Vulnerability Details (3)

GHSA: GHSA-9x38-862g-jg8w: Apache Axis2, as used in dswsbobje (2022-05-02)
CVEList: CVE-2010-0219: Apache Axis2, as used in dswsbobje (2010-10-18)
VulnCheck: Apache Axis2 dswsbobje.war Remote Code Execution (2010)

💥 Exploits & PoCs (4)

Exploit-DB: CA ARCserve D2D r15 - Web Service Servlet Code Execution (2010-12-30)
Exploit-DB: Axis2 - (Authenticated) Code Execution (via REST) (Metasploit) (2010-12-14)
Exploit-DB: Axis2 / SAP BusinessObjects - (Authenticated) Code Execution (via SOAP) (Metasploit) (2010-12-14)
Nuclei: Apache Axis2 Default Login
CVE-2010-0219 (CRITICAL CVSS 10) | Apache Axis2 | cvebase.io