CVE-2010-0219 - Vulnerability Details - OpenCVE

Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apache	Axis2
Sap	Businessobjects

Configuration 1 [-]

AND

OR	cpe:2.3:a:apache:axis2:1.3:::::::*
	cpe:2.3:a:apache:axis2:1.4:::::::*
	cpe:2.3:a:apache:axis2:1.4.1:::::::*
	cpe:2.3:a:apache:axis2:1.5:::::::*
	cpe:2.3:a:apache:axis2:1.5.1:::::::*
	cpe:2.3:a:apache:axis2:1.5.2:::::::*
	cpe:2.3:a:apache:axis2:1.6:::::::*

cpe:2.3:a:sap:businessobjects:3.2:*:enterprise_xi:*:*:*:*:*

No data.

References

Link	Providers
http://retrogod.altervista.org/9sg_ca_d2d.html
http://secunia.com/advisories/41799
http://secunia.com/advisories/42763
http://spl0it.org/files/talks/source_barcelona10/Hacking%20SAP%20BusinessObjects.pdf
http://www.exploit-db.com/exploits/15869
http://www.kb.cert.org/vuls/id/989719
http://www.osvdb.org/70233
http://www.rapid7.com/security-center/advisories/R7-0037.jsp
http://www.securityfocus.com/archive/1/514284/100/0/threaded
http://www.securitytracker.com/id?1024929
http://www.vupen.com/english/advisories/2010/2673
https://exchange.xforce.ibmcloud.com/vulnerabilities/62523
https://kb.juniper.net/KB27373
https://service.sap.com/sap/support/notes/1432881

History

No history.

MITRE

Status: PUBLISHED

Assigner: certcc

Published: 2010-10-18T16:00:00

Updated: 2024-08-07T00:45:10.633Z

Reserved: 2010-01-06T00:00:00

Link: CVE-2010-0219

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2010-10-18T17:00:03.457

Modified: 2025-04-11T00:51:21.963

Link: CVE-2010-0219

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-10-13T00:00:00", "descriptions": [{"lang": "en", "value": "Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-10T18:57:01", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc"}, "references": [{"name": "41799", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/41799"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://kb.juniper.net/KB27373"}, {"tags": ["x_refsource_MISC"], "url": "http://retrogod.altervista.org/9sg_ca_d2d.html"}, {"name": "70233", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/70233"}, {"name": "15869", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "http://www.exploit-db.com/exploits/15869"}, {"tags": ["x_refsource_MISC"], "url": "http://spl0it.org/files/talks/source_barcelona10/Hacking%20SAP%20BusinessObjects.pdf"}, {"name": "ADV-2010-2673", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/2673"}, {"name": "20101014 R7-0037: SAP BusinessObjects Axis2 Default Admin Password", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/514284/100/0/threaded"}, {"name": "businessobjects-dswsbobje-security-bypass(62523)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62523"}, {"name": "42763", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/42763"}, {"tags": ["x_refsource_MISC"], "url": "http://www.rapid7.com/security-center/advisories/R7-0037.jsp"}, {"name": "VU#989719", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/989719"}, {"name": "1024929", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1024929"}, {"tags": ["x_refsource_MISC"], "url": "https://service.sap.com/sap/support/notes/1432881"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cert@cert.org", "ID": "CVE-2010-0219", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "41799", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/41799"}, {"name": "https://kb.juniper.net/KB27373", "refsource": "CONFIRM", "url": "https://kb.juniper.net/KB27373"}, {"name": "http://retrogod.altervista.org/9sg_ca_d2d.html", "refsource": "MISC", "url": "http://retrogod.altervista.org/9sg_ca_d2d.html"}, {"name": "70233", "refsource": "OSVDB", "url": "http://www.osvdb.org/70233"}, {"name": "15869", "refsource": "EXPLOIT-DB", "url": "http://www.exploit-db.com/exploits/15869"}, {"name": "http://spl0it.org/files/talks/source_barcelona10/Hacking%20SAP%20BusinessObjects.pdf", "refsource": "MISC", "url": "http://spl0it.org/files/talks/source_barcelona10/Hacking%20SAP%20BusinessObjects.pdf"}, {"name": "ADV-2010-2673", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/2673"}, {"name": "20101014 R7-0037: SAP BusinessObjects Axis2 Default Admin Password", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/514284/100/0/threaded"}, {"name": "businessobjects-dswsbobje-security-bypass(62523)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62523"}, {"name": "42763", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/42763"}, {"name": "http://www.rapid7.com/security-center/advisories/R7-0037.jsp", "refsource": "MISC", "url": "http://www.rapid7.com/security-center/advisories/R7-0037.jsp"}, {"name": "VU#989719", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/989719"}, {"name": "1024929", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1024929"}, {"name": "https://service.sap.com/sap/support/notes/1432881", "refsource": "MISC", "url": "https://service.sap.com/sap/support/notes/1432881"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T00:45:10.633Z"}, "title": "CVE Program Container", "references": [{"name": "41799", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/41799"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://kb.juniper.net/KB27373"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://retrogod.altervista.org/9sg_ca_d2d.html"}, {"name": "70233", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/70233"}, {"name": "15869", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "http://www.exploit-db.com/exploits/15869"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://spl0it.org/files/talks/source_barcelona10/Hacking%20SAP%20BusinessObjects.pdf"}, {"name": "ADV-2010-2673", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2010/2673"}, {"name": "20101014 R7-0037: SAP BusinessObjects Axis2 Default Admin Password", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/514284/100/0/threaded"}, {"name": "businessobjects-dswsbobje-security-bypass(62523)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62523"}, {"name": "42763", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/42763"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.rapid7.com/security-center/advisories/R7-0037.jsp"}, {"name": "VU#989719", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/989719"}, {"name": "1024929", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1024929"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://service.sap.com/sap/support/notes/1432881"}]}]}, "cveMetadata": {"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2010-0219", "datePublished": "2010-10-18T16:00:00", "dateReserved": "2010-01-06T00:00:00", "dateUpdated": "2024-08-07T00:45:10.633Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:axis2:1.3:*:*:*:*:*:*:*", "matchCriteriaId": "F0CBFD09-884C-436D-8D92-88B47A130C47", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:axis2:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "E0604FFE-16AC-4990-85F6-88C48A8E1707", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:axis2:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "4D99CAA7-6580-4B1E-BDD7-0933F037B29D", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:axis2:1.5:*:*:*:*:*:*:*", "matchCriteriaId": "EC2371DC-0E86-49F2-98F6-4CCE49A24183", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:axis2:1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "38D8E446-7735-49C4-83E3-F1E6448ABD43", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:axis2:1.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "89046700-F2B9-4468-AB71-3451401C16DC", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:axis2:1.6:*:*:*:*:*:*:*", "matchCriteriaId": "FEC87179-CCFA-45D4-98C1-7D594EC88999", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:sap:businessobjects:3.2:*:enterprise_xi:*:*:*:*:*", "matchCriteriaId": "224ED925-BF44-4C85-89B5-DC3A187AAE77", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service."}, {"lang": "es", "value": "Axis2 de Apache, tal y como es usado en dswsbobje.war en SAP BusinessObjects Enterprise XI versi\u00f3n 3.2, CA ARCserve D2D r15 y otros productos, tiene una contrase\u00f1a por defecto de axis2 para la cuenta de administrador, lo que facilita a los atacantes remotos ejecutar c\u00f3digo arbitrario mediante la carga de un servicio web especialmente dise\u00f1ado."}], "id": "CVE-2010-0219", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2010-10-18T17:00:03.457", "references": [{"source": "cret@cert.org", "url": "http://retrogod.altervista.org/9sg_ca_d2d.html"}, {"source": "cret@cert.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/41799"}, {"source": "cret@cert.org", "url": "http://secunia.com/advisories/42763"}, {"source": "cret@cert.org", "tags": ["Exploit"], "url": "http://spl0it.org/files/talks/source_barcelona10/Hacking%20SAP%20BusinessObjects.pdf"}, {"source": "cret@cert.org", "url": "http://www.exploit-db.com/exploits/15869"}, {"source": "cret@cert.org", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/989719"}, {"source": "cret@cert.org", "url": "http://www.osvdb.org/70233"}, {"source": "cret@cert.org", "tags": ["Exploit"], "url": "http://www.rapid7.com/security-center/advisories/R7-0037.jsp"}, {"source": "cret@cert.org", "url": "http://www.securityfocus.com/archive/1/514284/100/0/threaded"}, {"source": "cret@cert.org", "url": "http://www.securitytracker.com/id?1024929"}, {"source": "cret@cert.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2010/2673"}, {"source": "cret@cert.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62523"}, {"source": "cret@cert.org", "url": "https://kb.juniper.net/KB27373"}, {"source": "cret@cert.org", "tags": ["Patch"], "url": "https://service.sap.com/sap/support/notes/1432881"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://retrogod.altervista.org/9sg_ca_d2d.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/41799"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/42763"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://spl0it.org/files/talks/source_barcelona10/Hacking%20SAP%20BusinessObjects.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.exploit-db.com/exploits/15869"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/989719"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/70233"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.rapid7.com/security-center/advisories/R7-0037.jsp"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/514284/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1024929"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2010/2673"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62523"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://kb.juniper.net/KB27373"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://service.sap.com/sap/support/notes/1432881"}], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-255"}], "source": "nvd@nist.gov", "type": "Primary"}]}