Lucene search

[email protected]NVD:CVE-2019-0227

HistoryMay 01, 2019 - 9:29 p.m.

CVE-2019-0227

2019-05-0121:29:00

CWE-918

[email protected]

web.nvd.nist.gov

CVSS2

5.4

Attack Vector

ADJACENT_NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.5

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.5

Confidence

High

EPSS

0.873

Percentile

98.7%

JSON

A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits commits continue in the projects Axis 1.x Subversion repository, legacy users are encouraged to build from source. The successor to Axis 1.x is Axis2, the latest version is 1.7.9 and is not vulnerable to this issue.

Affected configurations

Nvd

Node

apacheaxisMatch1.4

Node

oracleagile_engineering_data_managementMatch6.2.1.0

oracleagile_product_lifecycle_management_frameworkMatch9.3.3

oracleapplication_testing_suiteMatch13.2.0.1

oracleapplication_testing_suiteMatch13.3.0.1

oraclebig_data_discoveryMatch1.6

oraclecommunications_asap_cartridgesMatch7.2

oraclecommunications_asap_cartridgesMatch7.3

oraclecommunications_design_studioMatch7.3.4.3.0

oraclecommunications_design_studioMatch7.3.5.5.0

oraclecommunications_design_studioMatch7.4.0.4.0

oraclecommunications_design_studioMatch7.4.1.1.0

oraclecommunications_element_managerMatch8.0.0

oraclecommunications_element_managerMatch8.1.0

oraclecommunications_element_managerMatch8.1.1

oraclecommunications_element_managerMatch8.2.0

oraclecommunications_network_integrityMatch7.3.5

oraclecommunications_network_integrityMatch7.3.6

oraclecommunications_order_and_service_managementMatch7.3.0.0.0

oraclecommunications_order_and_service_managementMatch7.4

oraclecommunications_session_report_managerMatch8.0.0

oraclecommunications_session_report_managerMatch8.1.0

oraclecommunications_session_report_managerMatch8.1.1

oraclecommunications_session_report_managerMatch8.2.0

oraclecommunications_session_route_managerMatch8.0.0

oraclecommunications_session_route_managerMatch8.1.0

oraclecommunications_session_route_managerMatch8.1.1

oraclecommunications_session_route_managerMatch8.2.0

oracleendeca_information_discovery_studioMatch3.2.0

oracleenterprise_manager_base_platformMatch12.1.0.5

oracleenterprise_manager_base_platformMatch13.3.0.0

oracleenterprise_manager_for_fusion_middlewareMatch12.1.0.5

oraclefinancial_services_analytical_applications_infrastructureRange7.3.3–7.3.5

oraclefinancial_services_analytical_applications_infrastructureRange8.0.0–8.0.8

oraclefinancial_services_compliance_regulatory_reportingRange8.0.6–8.0.8

oraclefinancial_services_funds_transfer_pricingRange8.0.2–8.0.7

oracleflexcube_core_bankingMatch11.7.0

oracleflexcube_core_bankingMatch11.8.0

oracleflexcube_core_bankingMatch11.9.0

oracleflexcube_core_bankingMatch11.10.0

oracleflexcube_private_bankingMatch12.0.0

oracleflexcube_private_bankingMatch12.1.0

oraclehospitality_guest_accessMatch4.2.0

oraclehospitality_guest_accessMatch4.2.1

oracleinstantis_enterprisetrackMatch17.1

oracleinstantis_enterprisetrackMatch17.2

oracleinstantis_enterprisetrackMatch17.3

oracleinternet_directoryMatch12.2.1.3.0

oracleinternet_directoryMatch12.2.1.4.0

oracleknowledgeRange8.6.0–8.6.3

oraclepeoplesoft_enterprise_human_capital_management_human_resourcesMatch7.3.5

oraclepeoplesoft_enterprise_human_capital_management_human_resourcesMatch7.3.6

oraclepeoplesoft_enterprise_human_capital_management_human_resourcesMatch9.2

oraclepeoplesoft_enterprise_peopletoolsMatch8.56

oraclepeoplesoft_enterprise_peopletoolsMatch8.57

oraclepeoplesoft_enterprise_peopletoolsMatch8.58

oraclepolicy_automation_connector_for_siebelMatch10.4.6

oracleprimavera_gatewayMatch16.2.11

oracleprimavera_gatewayMatch17.12.6

oracleprimavera_unifierRange17.7–17.12

oracleprimavera_unifierMatch16.1

oracleprimavera_unifierMatch16.2

oracleprimavera_unifierMatch18.8

oracleprimavera_unifierMatch19.12

oraclerapid_planningMatch12.1

oraclerapid_planningMatch12.2

oraclereal-time_decision_serverMatch3.2.1.0

oracleretail_order_brokerMatch15.0

oracleretail_order_brokerMatch16.0

oracleretail_order_brokerMatch18.0

oracleretail_xstore_point_of_serviceMatch7.1

oraclesecure_global_desktopMatch5.4

oraclesecure_global_desktopMatch5.5

oraclesiebel_ui_frameworkRange≤21.0

oracletuxedoMatch12.1.1.0.0

oracletuxedoMatch12.1.3

oraclewebcenter_portalMatch12.2.1.3.0

VendorProductVersionCPE
apacheaxis1.4cpe:2.3:a:apache:axis:1.4:*:*:*:*:*:*:*
oracleagile_engineering_data_management6.2.1.0cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:*:*:*:*:*:*:*
oracleagile_product_lifecycle_management_framework9.3.3cpe:2.3:a:oracle:agile_product_lifecycle_management_framework:9.3.3:*:*:*:*:*:*:*
oracleapplication_testing_suite13.2.0.1cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:*:*:*:*:*:*:*
oracleapplication_testing_suite13.3.0.1cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*
oraclebig_data_discovery1.6cpe:2.3:a:oracle:big_data_discovery:1.6:*:*:*:*:*:*:*
oraclecommunications_asap_cartridges7.2cpe:2.3:a:oracle:communications_asap_cartridges:7.2:*:*:*:*:*:*:*
oraclecommunications_asap_cartridges7.3cpe:2.3:a:oracle:communications_asap_cartridges:7.3:*:*:*:*:*:*:*
oraclecommunications_design_studio7.3.4.3.0cpe:2.3:a:oracle:communications_design_studio:7.3.4.3.0:*:*:*:*:*:*:*
oraclecommunications_design_studio7.3.5.5.0cpe:2.3:a:oracle:communications_design_studio:7.3.5.5.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apache	axis	1.4	cpe:2.3:a:apache:axis:1.4:::::::*
oracle	agile_engineering_data_management	6.2.1.0	cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:::::::*
oracle	agile_product_lifecycle_management_framework	9.3.3	cpe:2.3:a:oracle:agile_product_lifecycle_management_framework:9.3.3:::::::*
oracle	application_testing_suite	13.2.0.1	cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:::::::*
oracle	application_testing_suite	13.3.0.1	cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:::::::*
oracle	big_data_discovery	1.6	cpe:2.3:a:oracle:big_data_discovery:1.6:::::::*
oracle	communications_asap_cartridges	7.2	cpe:2.3:a:oracle:communications_asap_cartridges:7.2:::::::*
oracle	communications_asap_cartridges	7.3	cpe:2.3:a:oracle:communications_asap_cartridges:7.3:::::::*
oracle	communications_design_studio	7.3.4.3.0	cpe:2.3:a:oracle:communications_design_studio:7.3.4.3.0:::::::*
oracle	communications_design_studio	7.3.5.5.0	cpe:2.3:a:oracle:communications_design_studio:7.3.5.5.0:::::::*