CVE-2018-8032 - OpenCVE

Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apache	Axis
Debian	Debian Linux
Oracle	Agile Engineering Data Management Agile Product Lifecycle Management Framework Application Testing Suite Big Data Discovery Communications Asap Cartridges Communications Design Studio Communications Element Manager Communications Network Integrity Communications Order And Service Management Communications Session Report Manager Communications Session Route Manager Endeca Information Discovery Studio Enterprise Manager Base Platform Enterprise Manager For Fusion Middleware Financial Services Analytical Applications Infrastructure Financial Services Compliance Regulatory Reporting Financial Services Funds Transfer Pricing Flexcube Core Banking Flexcube Private Banking Hospitality Guest Access Instantis Enterprisetrack Internet Directory Knowledge Peoplesoft Enterprise Human Capital Management Human Resources Peoplesoft Enterprise Peopletools Policy Automation Connector For Siebel Primavera Gateway Primavera Unifier Rapid Planning Real-time Decision Server Retail Order Broker Retail Xstore Point Of Service Secure Global Desktop Siebel Ui Framework Tuxedo Webcenter Portal

Configuration 1 [-]

cpe:2.3:a:apache:axis:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:::::::*
	cpe:2.3:a:oracle:agile_product_lifecycle_management_framework:9.3.3:::::::*
	cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:::::::*
	cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:::::::*
	cpe:2.3:a:oracle:big_data_discovery:1.6:::::::*
	cpe:2.3:a:oracle:communications_asap_cartridges:7.2:::::::*
	cpe:2.3:a:oracle:communications_asap_cartridges:7.3:::::::*
	cpe:2.3:a:oracle:communications_design_studio:7.3.4.3.0:::::::*
	cpe:2.3:a:oracle:communications_design_studio:7.3.5.5.0:::::::*
	cpe:2.3:a:oracle:communications_design_studio:7.4.0.4.0:::::::*
	cpe:2.3:a:oracle:communications_design_studio:7.4.1.1.0:::::::*
	cpe:2.3:a:oracle:communications_element_manager:8.0.0:::::::*
	cpe:2.3:a:oracle:communications_element_manager:8.1.0:::::::*
	cpe:2.3:a:oracle:communications_element_manager:8.1.1:::::::*
	cpe:2.3:a:oracle:communications_element_manager:8.2.0:::::::*
	cpe:2.3:a:oracle:communications_network_integrity:7.3.5:::::::*
	cpe:2.3:a:oracle:communications_network_integrity:7.3.6:::::::*
	cpe:2.3:a:oracle:communications_order_and_service_management:7.3.0.0.0:::::::*
	cpe:2.3:a:oracle:communications_order_and_service_management:7.4:::::::*
	cpe:2.3:a:oracle:communications_session_report_manager:8.0.0:::::::*
	cpe:2.3:a:oracle:communications_session_report_manager:8.1.0:::::::*
	cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:::::::*
	cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:::::::*
	cpe:2.3:a:oracle:communications_session_route_manager:8.0.0:::::::*
	cpe:2.3:a:oracle:communications_session_route_manager:8.1.0:::::::*
	cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:::::::*
	cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:::::::*
	cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0:::::::*
	cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5:::::::*
	cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:::::::*
	cpe:2.3:a:oracle:enterprise_manager_for_fusion_middleware:12.1.0.5:::::::*
	cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure::::::::
	cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure::::::::
	cpe:2.3:a:oracle:financial_services_compliance_regulatory_reporting::::::::
	cpe:2.3:a:oracle:financial_services_funds_transfer_pricing::::::::
	cpe:2.3:a:oracle:flexcube_core_banking:11.7.0:::::::*
	cpe:2.3:a:oracle:flexcube_core_banking:11.8.0:::::::*
	cpe:2.3:a:oracle:flexcube_core_banking:11.9.0:::::::*
	cpe:2.3:a:oracle:flexcube_core_banking:11.10.0:::::::*
	cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:::::::*
	cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:::::::*
	cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:::::::*
	cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:::::::*
	cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:::::::*
	cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:::::::*
	cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:::::::*
	cpe:2.3:a:oracle:internet_directory:12.2.1.3.0:::::::*
	cpe:2.3:a:oracle:internet_directory:12.2.1.4.0:::::::*
	cpe:2.3:a:oracle:knowledge::::::::
	cpe:2.3:a:oracle:peoplesoft_enterprise_human_capital_management_human_resources:9.2:::::::*
	cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:::::::*
	cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:::::::*
	cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:::::::*
	cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6:::::::*
	cpe:2.3:a:oracle:primavera_gateway:16.2.11:::::::*
	cpe:2.3:a:oracle:primavera_gateway:17.12.6:::::::*
	cpe:2.3:a:oracle:primavera_unifier::::::::
	cpe:2.3:a:oracle:primavera_unifier:16.1:::::::*
	cpe:2.3:a:oracle:primavera_unifier:16.2:::::::*
	cpe:2.3:a:oracle:primavera_unifier:18.8:::::::*
	cpe:2.3:a:oracle:primavera_unifier:19.12:::::::*
	cpe:2.3:a:oracle:rapid_planning:12.1:::::::*
	cpe:2.3:a:oracle:rapid_planning:12.2:::::::*
	cpe:2.3:a:oracle:real-time_decision_server:3.2.1.0:::::::*
cpe:2.3:a:oracle:retail_order_broker:15.0:::::::*
cpe:2.3:a:oracle:retail_order_broker:16.0:::::::*
cpe:2.3:a:oracle:retail_order_broker:18.0:::::::*
cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:::::::*
cpe:2.3:a:oracle:secure_global_desktop:5.4:::::::*
cpe:2.3:a:oracle:secure_global_desktop:5.5:::::::*
cpe:2.3:a:oracle:siebel_ui_framework::::::::
cpe:2.3:a:oracle:tuxedo:12.1.1.0.0:::::::*
cpe:2.3:a:oracle:tuxedo:12.1.3:::::::*
cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:::::::*

Configuration 3 [-]

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://mail-archives.apache.org/mod_mbox/axis-java-dev/201807.mbox/%3CJIRA.13170716.1531060536000.93536.1531060560060%40Atlassian.JIRA%3E
https://issues.apache.org/jira/browse/AXIS-2924
https://lists.apache.org/thread.html/3b89bc9e9d055db7eba8835ff6501f3f5db99d2a0928ec0be9b1d17b%40%3Cjava-dev.axis.apache.org%3E
https://lists.apache.org/thread.html/d06ed5e4eeb77d00e8d594ec01ee8ee1cba173a01ac4b18f1579d041%40%3Cjava-dev.axis.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/11/msg00015.html
https://nvd.nist.gov/vuln/detail/CVE-2018-8032
https://security.netapp.com/advisory/ntap-20240621-0006/
https://www.cve.org/CVERecord?id=CVE-2018-8032
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2020.html
https://www.oracle.com/security-alerts/cpujan2021.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/security-alerts/cpujul2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: apache

Published: 2018-08-02T13:00:00Z

Updated: 2024-09-16T16:29:01.816Z

Reserved: 2018-03-09T00:00:00

Link: CVE-2018-8032

Vulnrichment

No data.

NVD

Status : Modified

Published: 2018-08-02T13:29:00.363

Modified: 2024-06-21T19:15:11.357

Link: CVE-2018-8032

Redhat

Severity : Moderate

Publid Date: 2018-07-08T00:00:00Z

Links: CVE-2018-8032 - Bugzilla

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object