Attacker Value
Unknown
CVE-2018-8032
CVE-2018-8032
(Last updated November 08, 2023) ▾
MITRE ATT&CK
Log in to add MITRE ATT&CK tag
Add MITRE ATT&CK tactics and techniques that apply to this CVE.
Description
Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services.
Add Assessment
No one has assessed this topic. Be the first to add your voice to the community.
CVSS V3 Severity and Metrics
Data provided by the National Vulnerability Database (NVD)
Base Score:
6.1 Medium
Impact Score:
2.7
Exploitability Score:
2.8
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
Required
Scope (S):
Changed
Confidentiality (C):
Low
Integrity (I):
Low
Availability (A):
None
General Information
Vendors
- apache,
- debian,
- oracle
Products
- agile engineering data management 6.2.1.0,
- agile product lifecycle management framework 9.3.3,
- application testing suite 13.2.0.1,
- application testing suite 13.3.0.1,
- axis,
- big data discovery 1.6,
- communications asap cartridges 7.2,
- communications asap cartridges 7.3,
- communications design studio 7.3.4.3.0,
- communications design studio 7.3.5.5.0,
- communications design studio 7.4.0.4.0,
- communications design studio 7.4.1.1.0,
- communications element manager 8.0.0,
- communications element manager 8.1.0,
- communications element manager 8.1.1,
- communications element manager 8.2.0,
- communications network integrity 7.3.5,
- communications network integrity 7.3.6,
- communications order and service management 7.3.0.0.0,
- communications order and service management 7.4,
- communications session report manager 8.0.0,
- communications session report manager 8.1.0,
- communications session report manager 8.1.1,
- communications session report manager 8.2.0,
- communications session route manager 8.0.0,
- communications session route manager 8.1.0,
- communications session route manager 8.1.1,
- communications session route manager 8.2.0,
- debian linux 9.0,
- endeca information discovery studio 3.2.0,
- enterprise manager base platform 12.1.0.5,
- enterprise manager base platform 13.3.0.0,
- enterprise manager for fusion middleware 12.1.0.5,
- financial services analytical applications infrastructure,
- financial services compliance regulatory reporting,
- financial services funds transfer pricing,
- flexcube core banking 11.10.0,
- flexcube core banking 11.7.0,
- flexcube core banking 11.8.0,
- flexcube core banking 11.9.0,
- flexcube private banking 12.0.0,
- flexcube private banking 12.1.0,
- hospitality guest access 4.2.0,
- hospitality guest access 4.2.1,
- instantis enterprisetrack 17.1,
- instantis enterprisetrack 17.2,
- instantis enterprisetrack 17.3,
- internet directory 12.2.1.3.0,
- internet directory 12.2.1.4.0,
- knowledge,
- peoplesoft enterprise human capital management human resources 9.2,
- peoplesoft enterprise peopletools 8.56,
- peoplesoft enterprise peopletools 8.57,
- peoplesoft enterprise peopletools 8.58,
- policy automation connector for siebel 10.4.6,
- primavera gateway 16.2.11,
- primavera gateway 17.12.6,
- primavera unifier,
- primavera unifier 16.1,
- primavera unifier 16.2,
- primavera unifier 18.8,
- primavera unifier 19.12,
- rapid planning 12.1,
- rapid planning 12.2,
- real-time decision server 3.2.1.0,
- retail order broker 15.0,
- retail order broker 16.0,
- retail order broker 18.0,
- retail xstore point of service 7.1,
- secure global desktop 5.4,
- secure global desktop 5.5,
- siebel ui framework,
- tuxedo 12.1.1.0.0,
- tuxedo 12.1.3,
- webcenter portal 12.2.1.3.0
References
Advisory
Miscellaneous
