CVE-2010-2103
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
6.8 Medium
AI Score
Confidence
High
0.004 Low
EPSS
Percentile
73.8%
Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information.
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| apache:axis2 | apache axis2 | eq | 1.4.1 |
| apache:axis2 | apache axis2 | eq | 1.5.1 |
References
osvdb.org/64844
secunia.com/advisories/39906
spl0it.org/files/talks/source_barcelona10/Hacking%20SAP%20BusinessObjects.pdf
www.exploit-db.com/exploits/12689
www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-03
www.securityfocus.com/archive/1/511404/100/0/threaded
www.securityfocus.com/bid/40327
www.vupen.com/english/advisories/2010/1215
exchange.xforce.ibmcloud.com/vulnerabilities/58790
kb.juniper.net/KB27373
Related
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
6.8 Medium
AI Score
Confidence
High
0.004 Low
EPSS
Percentile
73.8%