Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.
Software | From | Fixed in |
---|---|---|
apache / axis2 | 1.3 | 1.3.x |
apache / axis2 | 1.4 | 1.4.x |
apache / axis2 | 1.4.1 | 1.4.1.x |
apache / axis2 | 1.5 | 1.5.x |
apache / axis2 | 1.5.1 | 1.5.1.x |
apache / axis2 | 1.5.2 | 1.5.2.x |
apache / axis2 | 1.6 | 1.6.x |
sap / businessobjects | 3.2 | 3.2.x |