6.1
CVE-2018-8032
- EPSS 10.55%
- Veröffentlicht 02.08.2018 13:29:00
- Zuletzt bearbeitet 08.05.2025 18:13:51
- Quelle security@apache.org
- CVE-Watchlists
- Unerledigt
Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Oracle ≫ Agile Engineering Data Management Version6.2.1.0
Oracle ≫ Agile Product Lifecycle Management Version9.3.3
Oracle ≫ Application Testing Suite Version13.2.0.1
Oracle ≫ Application Testing Suite Version13.3.0.1
Oracle ≫ Big Data Discovery Version1.6
Oracle ≫ Communications Asap Cartridges Version7.2
Oracle ≫ Communications Asap Cartridges Version7.3
Oracle ≫ Communications Design Studio Version7.3.4.3.0
Oracle ≫ Communications Design Studio Version7.3.5.5.0
Oracle ≫ Communications Design Studio Version7.4.0.4.0
Oracle ≫ Communications Design Studio Version7.4.1.1.0
Oracle ≫ Communications Element Manager Version8.0.0
Oracle ≫ Communications Element Manager Version8.1.0
Oracle ≫ Communications Element Manager Version8.1.1
Oracle ≫ Communications Element Manager Version8.2.0
Oracle ≫ Communications Network Integrity Version7.3.5
Oracle ≫ Communications Network Integrity Version7.3.6
Oracle ≫ Communications Order And Service Management Version7.3.0.0.0
Oracle ≫ Communications Order And Service Management Version7.4
Oracle ≫ Communications Session Report Manager Version8.0.0
Oracle ≫ Communications Session Report Manager Version8.1.0
Oracle ≫ Communications Session Report Manager Version8.1.1
Oracle ≫ Communications Session Report Manager Version8.2.0
Oracle ≫ Communications Session Route Manager Version8.0.0
Oracle ≫ Communications Session Route Manager Version8.1.0
Oracle ≫ Communications Session Route Manager Version8.1.1
Oracle ≫ Communications Session Route Manager Version8.2.0
Oracle ≫ Endeca Information Discovery Studio Version3.2.0
Oracle ≫ Enterprise Manager Base Platform Version12.1.0.5
Oracle ≫ Enterprise Manager Base Platform Version13.3.0.0
Oracle ≫ Enterprise Manager For Fusion Middleware Version12.1.0.5
Oracle ≫ Financial Services Analytical Applications Infrastructure Version >= 7.3.3 <= 7.3.5
Oracle ≫ Financial Services Analytical Applications Infrastructure Version >= 8.0.0 <= 8.0.8
Oracle ≫ Financial Services Compliance Regulatory Reporting Version >= 8.0.6 <= 8.0.8
Oracle ≫ Financial Services Funds Transfer Pricing Version >= 8.0.2 <= 8.0.7
Oracle ≫ Flexcube Core Banking Version11.7.0
Oracle ≫ Flexcube Core Banking Version11.8.0
Oracle ≫ Flexcube Core Banking Version11.9.0
Oracle ≫ Flexcube Core Banking Version11.10.0
Oracle ≫ Flexcube Private Banking Version12.0.0
Oracle ≫ Flexcube Private Banking Version12.1.0
Oracle ≫ Hospitality Guest Access Version4.2.0
Oracle ≫ Hospitality Guest Access Version4.2.1
Oracle ≫ Instantis Enterprisetrack Version17.1
Oracle ≫ Instantis Enterprisetrack Version17.2
Oracle ≫ Instantis Enterprisetrack Version17.3
Oracle ≫ Internet Directory Version12.2.1.3.0
Oracle ≫ Internet Directory Version12.2.1.4.0
Oracle ≫ Peoplesoft Enterprise Peopletools Version8.56
Oracle ≫ Peoplesoft Enterprise Peopletools Version8.57
Oracle ≫ Peoplesoft Enterprise Peopletools Version8.58
Oracle ≫ Policy Automation Connector For Siebel Version10.4.6
Oracle ≫ Primavera Gateway Version16.2.11
Oracle ≫ Primavera Gateway Version17.12.6
Oracle ≫ Primavera Unifier Version >= 17.7 <= 17.12
Oracle ≫ Primavera Unifier Version16.1
Oracle ≫ Primavera Unifier Version16.2
Oracle ≫ Primavera Unifier Version18.8
Oracle ≫ Primavera Unifier Version19.12
Oracle ≫ Rapid Planning Version12.1
Oracle ≫ Rapid Planning Version12.2
Oracle ≫ Real-time Decision Server Version3.2.1.0
Oracle ≫ Retail Order Broker Version15.0
Oracle ≫ Retail Order Broker Version16.0
Oracle ≫ Retail Order Broker Version18.0
Oracle ≫ Retail Xstore Point Of Service Version7.1
Oracle ≫ Secure Global Desktop Version5.4
Oracle ≫ Secure Global Desktop Version5.5
Oracle ≫ Siebel Ui Framework Version <= 21.0
Oracle ≫ Webcenter Portal Version12.2.1.3.0
Debian ≫ Debian Linux Version9.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 10.55% | 0.952 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.1 | 2.8 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
https://www.oracle.com/security-alerts/cpujan2020.html
https://www.oracle.com/security-alerts/cpujan2021.html
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
https://www.oracle.com/security-alerts/cpujul2022.html
http://mail-archives.apache.org/mod_mbox/axis-java-dev/201807.mbox/%3CJIRA.13170716.1531060536000.93536.1531060560060%40Atlassian.JIRA%3E
https://issues.apache.org/jira/browse/AXIS-2924
https://lists.apache.org/thread.html/3b89bc9e9d055db7eba8835ff6501f3f5db99d2a0928ec0be9b1d17b%40%3Cjava-dev.axis.apache.org%3E
https://lists.apache.org/thread.html/d06ed5e4eeb77d00e8d594ec01ee8ee1cba173a01ac4b18f1579d041%40%3Cjava-dev.axis.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/11/msg00015.html
https://security.netapp.com/advisory/ntap-20240621-0006/