CVE-2018-8032

Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services.

Published: Aug 2, 2018
Updated: Nov 8, 2023
CVE: CVE-2018-8032
GHSA: GHSA-96jq-75wh-2658
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.1
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
apache / axis	1.0	1.4.x
oracle / flexcube_private_banking	12.1.0	12.1.0.x
oracle / primavera_unifier	16.2	16.2.x
oracle / peoplesoft_enterprise_human_capital_management_human_resources	9.2	9.2.x
oracle / retail_xstore_point_of_service	7.1	7.1.x
oracle / enterprise_manager_base_platform	12.1.0.5	12.1.0.5.x
oracle / flexcube_private_banking	12.0.0	12.0.0.x
oracle / primavera_unifier	16.1	16.1.x
oracle / peoplesoft_enterprise_peopletools	8.56	8.56.x
oracle / hospitality_guest_access	4.2.0	4.2.0.x
oracle / hospitality_guest_access	4.2.1	4.2.1.x
oracle / tuxedo	12.1.3	12.1.3.x
oracle / internet_directory	12.2.1.3.0	12.2.1.3.0.x
oracle / webcenter_portal	12.2.1.3.0	12.2.1.3.0.x
oracle / communications_order_and_service_management	7.3.0.0.0	7.3.0.0.0.x
oracle / flexcube_core_banking	11.7.0	11.7.0.x
oracle / peoplesoft_enterprise_peopletools	8.57	8.57.x
oracle / application_testing_suite	13.2.0.1	13.2.0.1.x
oracle / application_testing_suite	13.3.0.1	13.3.0.1.x
oracle / secure_global_desktop	5.4	5.4.x
oracle / retail_order_broker	15.0	15.0.x
oracle / retail_order_broker	16.0	16.0.x
oracle / primavera_unifier	18.8	18.8.x
oracle / enterprise_manager_for_fusion_middleware	12.1.0.5	12.1.0.5.x
oracle / policy_automation_connector_for_siebel	10.4.6	10.4.6.x
oracle / primavera_unifier	17.7	17.12.x
oracle / financial_services_analytical_applications_infrastructure	7.3.3	7.3.5.x
oracle / endeca_information_discovery_studio	3.2.0	3.2.0.x
oracle / instantis_enterprisetrack	17.1	17.1.x
oracle / instantis_enterprisetrack	17.2	17.2.x
oracle / instantis_enterprisetrack	17.3	17.3.x
oracle / tuxedo	12.1.1.0.0	12.1.1.0.0.x
oracle / enterprise_manager_base_platform	13.3.0.0	13.3.0.0.x
oracle / knowledge	8.6.0	8.6.3.x
oracle / peoplesoft_enterprise_peopletools	8.58	8.58.x
oracle / primavera_unifier	19.12	19.12.x
oracle / secure_global_desktop	5.5	5.5.x
oracle / rapid_planning	12.1	12.1.x
oracle / rapid_planning	12.2	12.2.x
oracle / communications_element_manager	8.2.0	8.2.0.x
oracle / communications_element_manager	8.1.1	8.1.1.x
oracle / communications_element_manager	8.1.0	8.1.0.x
oracle / communications_element_manager	8.0.0	8.0.0.x
oracle / agile_engineering_data_management	6.2.1.0	6.2.1.0.x
oracle / communications_session_report_manager	8.1.1	8.1.1.x
oracle / communications_session_report_manager	8.2.0	8.2.0.x
oracle / communications_session_route_manager	8.1.1	8.1.1.x
oracle / communications_session_route_manager	8.2.0	8.2.0.x
oracle / primavera_gateway	16.2.11	16.2.11.x
oracle / primavera_gateway	17.12.6	17.12.6.x
oracle / communications_session_route_manager	8.0.0	8.0.0.x
oracle / communications_session_route_manager	8.1.0	8.1.0.x
oracle / communications_session_report_manager	8.0.0	8.0.0.x
oracle / communications_session_report_manager	8.1.0	8.1.0.x
oracle / communications_asap_cartridges	7.2	7.2.x
oracle / communications_asap_cartridges	7.3	7.3.x
oracle / financial_services_compliance_regulatory_reporting	8.0.6	8.0.8.x
oracle / communications_order_and_service_management	7.4	7.4.x
oracle / communications_network_integrity	7.3.5	7.3.5.x
oracle / communications_network_integrity	7.3.6	7.3.6.x
oracle / real-time_decision_server	3.2.1.0	3.2.1.0.x
oracle / retail_order_broker	18.0	18.0.x
oracle / big_data_discovery	1.6	1.6.x
oracle / communications_design_studio	7.4.1.1.0	7.4.1.1.0.x
oracle / communications_design_studio	7.3.4.3.0	7.3.4.3.0.x
oracle / communications_design_studio	7.3.5.5.0	7.3.5.5.0.x
oracle / financial_services_analytical_applications_infrastructure	8.0.0	8.0.8.x
oracle / financial_services_funds_transfer_pricing	8.0.2	8.0.7.x
oracle / communications_design_studio	7.4.0.4.0	7.4.0.4.0.x
oracle / flexcube_core_banking	11.8.0	11.8.0.x
oracle / flexcube_core_banking	11.10.0	11.10.0.x
oracle / siebel_ui_framework	-	21.0.x
oracle / flexcube_core_banking	11.9.0	11.9.0.x
oracle / internet_directory	12.2.1.4.0	12.2.1.4.0.x
debian / debian_linux	9.0	9.0.x
org.apache.axis / axis	-	1.4.x
axis / axis	-	1.4.x
oracle / agile_product_lifecycle_management	9.3.3	9.3.3.x

Vulnerability Database

289,599

CVE-2018-8032