CVE-2010-0219

EPSS 89.9%

Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.

Affected products

n/a · n/a

public PoCs found — 5

githubgithub.com/veritas-rt/CVE-2010-0219★ 2 exploitdbwww.exploit-db.com/exploits/16312unverified exploitdbwww.exploit-db.com/exploits/16315unverified exploitdbwww.exploit-db.com/exploits/15869unverified cve_referencewww.exploit-db.com/exploits/15869unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://retrogod.altervista.org/9sg_ca_d2d.html http://secunia.com/advisories/41799 http://secunia.com/advisories/42763 https://exchange.xforce.ibmcloud.com/vulnerabilities/62523 https://kb.juniper.net/KB27373 http://spl0it.org/files/talks/source_barcelona10/Hacking%20SAP%20BusinessObjects.pdf https://service.sap.com/sap/support/notes/1432881 http://www.exploit-db.com/exploits/15869 http://www.kb.cert.org/vuls/id/989719 http://www.osvdb.org/70233 http://www.rapid7.com/security-center/advisories/R7-0037.jsp http://www.securityfocus.com/archive/1/514284/100/0/threaded