CVE-2018-8032 - Vulnerability Details

Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.02343.

Key SSVC decision points have not yet been added.

Vendors	Products
Apache	Axis
Debian	Debian Linux
Oracle	Agile Engineering Data Management Agile Product Lifecycle Management Application Testing Suite Big Data Discovery Communications Asap Cartridges Communications Design Studio Communications Element Manager Communications Network Integrity Communications Order And Service Management Communications Session Report Manager Communications Session Route Manager Endeca Information Discovery Studio Enterprise Manager Base Platform Enterprise Manager For Fusion Middleware Financial Services Analytical Applications Infrastructure Financial Services Compliance Regulatory Reporting Financial Services Funds Transfer Pricing Flexcube Core Banking Flexcube Private Banking Hospitality Guest Access Instantis Enterprisetrack Internet Directory Knowledge Peoplesoft Enterprise Human Capital Management Human Resources Peoplesoft Enterprise Peopletools Policy Automation Connector For Siebel Primavera Gateway Primavera Unifier Rapid Planning Real-time Decision Server Retail Order Broker Retail Xstore Point Of Service Secure Global Desktop Siebel Ui Framework Tuxedo Webcenter Portal

Configuration 1 [-]

cpe:2.3:a:apache:axis:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:::::::*
	cpe:2.3:a:oracle:agile_product_lifecycle_management:9.3.3:::::::*
	cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:::::::*
	cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:::::::*
	cpe:2.3:a:oracle:big_data_discovery:1.6:::::::*
	cpe:2.3:a:oracle:communications_asap_cartridges:7.2:::::::*
	cpe:2.3:a:oracle:communications_asap_cartridges:7.3:::::::*
	cpe:2.3:a:oracle:communications_design_studio:7.3.4.3.0:::::::*
	cpe:2.3:a:oracle:communications_design_studio:7.3.5.5.0:::::::*
	cpe:2.3:a:oracle:communications_design_studio:7.4.0.4.0:::::::*
	cpe:2.3:a:oracle:communications_design_studio:7.4.1.1.0:::::::*
	cpe:2.3:a:oracle:communications_element_manager:8.0.0:::::::*
	cpe:2.3:a:oracle:communications_element_manager:8.1.0:::::::*
	cpe:2.3:a:oracle:communications_element_manager:8.1.1:::::::*
	cpe:2.3:a:oracle:communications_element_manager:8.2.0:::::::*
	cpe:2.3:a:oracle:communications_network_integrity:7.3.5:::::::*
	cpe:2.3:a:oracle:communications_network_integrity:7.3.6:::::::*
	cpe:2.3:a:oracle:communications_order_and_service_management:7.3.0.0.0:::::::*
	cpe:2.3:a:oracle:communications_order_and_service_management:7.4:::::::*
	cpe:2.3:a:oracle:communications_session_report_manager:8.0.0:::::::*
	cpe:2.3:a:oracle:communications_session_report_manager:8.1.0:::::::*
	cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:::::::*
	cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:::::::*
	cpe:2.3:a:oracle:communications_session_route_manager:8.0.0:::::::*
	cpe:2.3:a:oracle:communications_session_route_manager:8.1.0:::::::*
	cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:::::::*
	cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:::::::*
	cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0:::::::*
	cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5:::::::*
	cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:::::::*
	cpe:2.3:a:oracle:enterprise_manager_for_fusion_middleware:12.1.0.5:::::::*
	cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure::::::::
	cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure::::::::
	cpe:2.3:a:oracle:financial_services_compliance_regulatory_reporting::::::::
	cpe:2.3:a:oracle:financial_services_funds_transfer_pricing::::::::
	cpe:2.3:a:oracle:flexcube_core_banking:11.7.0:::::::*
	cpe:2.3:a:oracle:flexcube_core_banking:11.8.0:::::::*
	cpe:2.3:a:oracle:flexcube_core_banking:11.9.0:::::::*
	cpe:2.3:a:oracle:flexcube_core_banking:11.10.0:::::::*
	cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:::::::*
	cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:::::::*
	cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:::::::*
	cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:::::::*
	cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:::::::*
	cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:::::::*
	cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:::::::*
	cpe:2.3:a:oracle:internet_directory:12.2.1.3.0:::::::*
	cpe:2.3:a:oracle:internet_directory:12.2.1.4.0:::::::*
	cpe:2.3:a:oracle:knowledge::::::::
	cpe:2.3:a:oracle:peoplesoft_enterprise_human_capital_management_human_resources:9.2:::::::*
	cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:::::::*
	cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:::::::*
	cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:::::::*
	cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6:::::::*
	cpe:2.3:a:oracle:primavera_gateway:16.2.11:::::::*
	cpe:2.3:a:oracle:primavera_gateway:17.12.6:::::::*
	cpe:2.3:a:oracle:primavera_unifier::::::::
	cpe:2.3:a:oracle:primavera_unifier:16.1:::::::*
	cpe:2.3:a:oracle:primavera_unifier:16.2:::::::*
	cpe:2.3:a:oracle:primavera_unifier:18.8:::::::*
	cpe:2.3:a:oracle:primavera_unifier:19.12:::::::*
	cpe:2.3:a:oracle:rapid_planning:12.1:::::::*
	cpe:2.3:a:oracle:rapid_planning:12.2:::::::*
	cpe:2.3:a:oracle:real-time_decision_server:3.2.1.0:::::::*
cpe:2.3:a:oracle:retail_order_broker:15.0:::::::*
cpe:2.3:a:oracle:retail_order_broker:16.0:::::::*
cpe:2.3:a:oracle:retail_order_broker:18.0:::::::*
cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:::::::*
cpe:2.3:a:oracle:secure_global_desktop:5.4:::::::*
cpe:2.3:a:oracle:secure_global_desktop:5.5:::::::*
cpe:2.3:a:oracle:siebel_ui_framework::::::::
cpe:2.3:a:oracle:tuxedo:12.1.1.0.0:::::::*
cpe:2.3:a:oracle:tuxedo:12.1.3:::::::*
cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:::::::*

Configuration 3 [-]

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

No data.

Advisories

Source	ID	Title
Debian DLA	DLA-2821-1	axis security update
EUVD	EUVD-2018-0560	Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services.
Github GHSA	GHSA-96jq-75wh-2658	Moderate severity vulnerability that affects apache axis

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://mail-archives.apache.org/mod_mbox/axis-java-dev/201807.mbox/%3CJIRA.13170716.1531060536000.93536.1531060560060%40Atlassian.JIRA%3E
https://issues.apache.org/jira/browse/AXIS-2924
https://lists.apache.org/thread.html/3b89bc9e9d055db7eba8835ff6501f3f5db99d2a0928ec0be9b1d17b%40%3Cjava-dev.axis.apache.org%3E
https://lists.apache.org/thread.html/d06ed5e4eeb77d00e8d594ec01ee8ee1cba173a01ac4b18f1579d041%40%3Cjava-dev.axis.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/11/msg00015.html
https://nvd.nist.gov/vuln/detail/CVE-2018-8032
https://security.netapp.com/advisory/ntap-20240621-0006/
https://www.cve.org/CVERecord?id=CVE-2018-8032
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2020.html
https://www.oracle.com/security-alerts/cpujan2021.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/security-alerts/cpujul2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

History

Thu, 08 May 2025 18:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Oracle agile Product Lifecycle Management
CPEs	cpe:2.3:a:oracle:agile_product_lifecycle_management_framework:9.3.3:::::::*	cpe:2.3:a:oracle:agile_product_lifecycle_management:9.3.3:::::::*
Vendors & Products	Oracle agile Product Lifecycle Management Framework	Oracle agile Product Lifecycle Management

MITRE

Status: PUBLISHED

Assigner: apache

Published: 2018-08-02T13:00:00Z

Updated: 2024-09-16T16:29:01.816Z

Reserved: 2018-03-09T00:00:00

Link: CVE-2018-8032

Vulnrichment

No data.

NVD

Status : Modified

Published: 2018-08-02T13:29:00.363

Modified: 2025-05-08T18:13:51.353

Link: CVE-2018-8032

Redhat

Severity : Moderate

Publid Date: 2018-07-08T00:00:00Z

Links: CVE-2018-8032 - Bugzilla

OpenCVE Enrichment

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object