Vulnerability detail

Enriched intelligence for a single CVE

10.0

CVSS
Critical

CVE-2010-0219

PUBLISHED

Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of...

Exploited in the wild PoC available Remote Low complexity

Vendor: Apache
Product: Axis2
Published: Oct 18, 2010
EPSS: —

Description

Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.

apache nuclei_scanner metasploit

CVSS scores

CVSS v2.0 10.0

AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitation status

Exploited in the wild

Recorded 2025-04-23 00:00:00 UTC · Source

Proof of concept available

Recorded 2024-07-28 14:10:52 UTC · Source

References

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source	Added
The Shadowserver (via CIRCL)	Apr 23, 2025

Scanner integrations

Scanner	Reference	Detected
Metasploit	https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/axis2_deployer.rb	Apr 28, 2025
Nuclei	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2010/CVE-2010-0219.yaml	Apr 25, 2025

Potential proof of concepts

These PoCs are unverified and could contain malware. Use at your own risk.

axis2_deployer

metasploit · Created Unknown

Metasploit module for CVE-2010-0219

veritas-rt/CVE-2010-0219

github · Created 2024-07-28 14:10:52 UTC · 1 stars

Timeline

CVE ID Reserved

January 06, 2010
CVE Published to Public

October 18, 2010
Proof of Concept Exploit Available

July 28, 2024
Added to KEVIntel

April 23, 2025
Detected by Nuclei

April 25, 2025
Detected by Metasploit

April 28, 2025