CVE-2010-0219
Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of...
Basic Information
- CVE State
- PUBLISHED
- Reserved Date
- January 06, 2010
- Published Date
- October 18, 2010
- Last Updated
- August 07, 2024
- Vendor
- n/a
- Product
- n/a
- Description
- Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.
CVSS Scores
EPSS Score
- Score
- 93.72% (Percentile: 99.84%) as of 2025-04-29
Exploit Status
- Exploited in the Wild
- Yes (added 2025-04-23 00:00:00 UTC) Source
References
http://secunia.com/advisories/41799
https://kb.juniper.net/KB27373
http://retrogod.altervista.org/9sg_ca_d2d.html
http://www.osvdb.org/70233
http://www.exploit-db.com/exploits/15869
http://spl0it.org/files/talks/source_barcelona10/Hacking%20SAP%20BusinessObjects.pdf
http://www.vupen.com/english/advisories/2010/2673
http://www.securityfocus.com/archive/1/514284/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/62523
http://secunia.com/advisories/42763
http://www.rapid7.com/security-center/advisories/R7-0037.jsp
http://www.kb.cert.org/vuls/id/989719
http://www.securitytracker.com/id?1024929
https://service.sap.com/sap/support/notes/1432881
Known Exploited Vulnerability Information
| Source | Added Date |
|---|---|
| The Shadowserver (via CIRCL) | 2025-04-23 00:00:00 UTC |
Scanner Integrations
| Scanner | URL | Date Detected |
|---|---|---|
| Metasploit | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/axis2_deployer.rb | 2025-04-29 11:01:20 UTC |
| Nuclei | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2010/CVE-2010-0219.yaml | 2025-04-26 00:00:00 UTC |
Potential Proof of Concepts
Warning: These PoCs have not been tested and could contain malware. Use at your own risk.
axis2_deployer
Type: metasploit • Created: Unknown
Metasploit module for CVE-2010-0219
veritas-rt/CVE-2010-0219
Type: github • Created: 2024-07-28 14:10:52 UTC • Stars: 1