Attacker Value
Unknown
CVE-2019-0227
Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)CVE-2019-0227
(Last updated November 08, 2023) ▾
MITRE ATT&CK
Log in to add MITRE ATT&CK tag
Add MITRE ATT&CK tactics and techniques that apply to this CVE.
Description
A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits commits continue in the projects Axis 1.x Subversion repository, legacy users are encouraged to build from source. The successor to Axis 1.x is Axis2, the latest version is 1.7.9 and is not vulnerable to this issue.
Add Assessment
No one has assessed this topic. Be the first to add your voice to the community.
CVSS V3 Severity and Metrics
Data provided by the National Vulnerability Database (NVD)
Base Score:
7.5 High
Impact Score:
5.9
Exploitability Score:
1.6
Attack Vector (AV):
Adjacent_network
Attack Complexity (AC):
High
Privileges Required (PR):
None
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
High
Integrity (I):
High
Availability (A):
High
General Information
Products
- agile engineering data management 6.2.1.0
- agile product lifecycle management framework 9.3.3
- application testing suite 13.2.0.1
- application testing suite 13.3.0.1
- axis 1.4
- big data discovery 1.6
- communications asap cartridges 7.2
- communications asap cartridges 7.3
- communications design studio 7.3.4.3.0
- communications design studio 7.3.5.5.0
- communications design studio 7.4.0.4.0
- communications design studio 7.4.1.1.0
- communications element manager 8.0.0
- communications element manager 8.1.0
- communications element manager 8.1.1
- communications element manager 8.2.0
- communications network integrity 7.3.5
- communications network integrity 7.3.6
- communications order and service management 7.3.0.0.0
- communications order and service management 7.4
- communications session report manager 8.0.0
- communications session report manager 8.1.0
- communications session report manager 8.1.1
- communications session report manager 8.2.0
- communications session route manager 8.0.0
- communications session route manager 8.1.0
- communications session route manager 8.1.1
- communications session route manager 8.2.0
- endeca information discovery studio 3.2.0
- enterprise manager base platform 12.1.0.5
- enterprise manager base platform 13.3.0.0
- enterprise manager for fusion middleware 12.1.0.5
- financial services analytical applications infrastructure
- financial services compliance regulatory reporting
- financial services funds transfer pricing
- flexcube core banking 11.10.0
- flexcube core banking 11.7.0
- flexcube core banking 11.8.0
- flexcube core banking 11.9.0
- flexcube private banking 12.0.0
- flexcube private banking 12.1.0
- hospitality guest access 4.2.0
- hospitality guest access 4.2.1
- instantis enterprisetrack 17.1
- instantis enterprisetrack 17.2
- instantis enterprisetrack 17.3
- internet directory 12.2.1.3.0
- internet directory 12.2.1.4.0
- knowledge
- peoplesoft enterprise human capital management human resources 7.3.5
- peoplesoft enterprise human capital management human resources 7.3.6
- peoplesoft enterprise human capital management human resources 9.2
- peoplesoft enterprise peopletools 8.56
- peoplesoft enterprise peopletools 8.57
- peoplesoft enterprise peopletools 8.58
- policy automation connector for siebel 10.4.6
- primavera gateway 16.2.11
- primavera gateway 17.12.6
- primavera unifier
- primavera unifier 16.1
- primavera unifier 16.2
- primavera unifier 18.8
- primavera unifier 19.12
- rapid planning 12.1
- rapid planning 12.2
- real time decision server 3.2.1.0
- retail order broker 15.0
- retail order broker 16.0
- retail order broker 18.0
- retail xstore point of service 7.1
- secure global desktop 5.4
- secure global desktop 5.5
- siebel ui framework
- tuxedo 12.1.1.0.0
- tuxedo 12.1.3
- webcenter portal 12.2.1.3.0
References
Advisory
Miscellaneous
