HIGH✓ PATCH🇬🇧 English

CVE-2019-0227

CVSS 7.5v3.1pub. 2019-05-01upd. 2025-05-08

A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits commits continue in the projects Axis 1.x Subversion repository, legacy users are encouraged to build from source. The successor to Axis 1.x is Axis2, the latest version is 1.7.9 and is not vulnerable to this issue.

oryginał EN
CVSS Vector
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Apache Axis

    APP
    Apache
    1.4
  • Oracle Agile Engineering Data Management

    APP
    Oracle
    6.2.1.0
  • Oracle Agile Product Lifecycle Management

    APP
    Oracle
    9.3.3
  • Oracle Application Testing Suite

    APP
    Oracle
    13.2.0.113.3.0.1
  • Oracle Big Data Discovery

    APP
    Oracle
    1.6
  • Oracle Communications Asap Cartridges

    APP
    Oracle
    7.27.3
  • Oracle Communications Design Studio

    APP
    Oracle
    7.3.4.3.07.3.5.5.07.4.0.4.07.4.1.1.0
  • Oracle Communications Element Manager

    APP
    Oracle
    8.0.08.1.08.1.18.2.0
  • Oracle Communications Network Integrity

    APP
    Oracle
    7.3.57.3.6
  • Oracle Communications Order And Service Management

    APP
    Oracle
    7.3.0.0.07.4
  • Oracle Communications Session Report Manager

    APP
    Oracle
    8.0.08.1.08.1.18.2.0
  • Oracle Communications Session Route Manager

    APP
    Oracle
    8.0.08.1.08.1.18.2.0
  • Oracle Endeca Information Discovery Studio

    APP
    Oracle
    3.2.0
  • Oracle Enterprise Manager Base Platform

    APP
    Oracle
    12.1.0.513.3.0.0
  • Oracle Enterprise Manager For Fusion Middleware

    APP
    Oracle
    12.1.0.5
  • Oracle Financial Services Analytical Applications Infrastructure

    APP
    Oracle
    7.3.3 – 7.3.58.0.0 – 8.0.8
  • Oracle Financial Services Compliance Regulatory Reporting

    APP
    Oracle
    8.0.6 – 8.0.8
  • Oracle Financial Services Funds Transfer Pricing

    APP
    Oracle
    8.0.2 – 8.0.7
  • Oracle Flexcube Core Banking

    APP
    Oracle
    11.10.011.7.011.8.011.9.0
  • Oracle Flexcube Private Banking

    APP
    Oracle
    12.0.012.1.0
  • Oracle Hospitality Guest Access

    APP
    Oracle
    4.2.04.2.1
  • Oracle Instantis Enterprisetrack

    APP
    Oracle
    17.117.217.3
  • Oracle Internet Directory

    APP
    Oracle
    12.2.1.3.012.2.1.4.0
  • Oracle Knowledge

    APP
    Oracle
    8.6.0 – 8.6.3
  • Oracle Peoplesoft Enterprise Human Capital Management Human Resources

    APP
    Oracle
    7.3.57.3.69.2
  • Oracle Peoplesoft Enterprise Peopletools

    APP
    Oracle
    8.568.578.58
  • Oracle Policy Automation Connector For Siebel

    APP
    Oracle
    10.4.6
  • Oracle Primavera Gateway

    APP
    Oracle
    16.2.1117.12.6
  • Oracle Primavera Unifier

    APP
    Oracle
    16.116.218.819.1217.7 – 17.12
  • Oracle Rapid Planning

    APP
    Oracle
    12.112.2
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
Tagi
SSRF
CWE
Referencje

Powiązane podatności

CVE-2026-35273CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Pominięcie uwierzytelnienia w Oracle PeopleSoft PeopleTools (RCE/Takeover)

CVE-2022-22963CRITICAL9.8⚠ KEVten sam produkt

In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionalit...

CVE-2022-22965CRITICAL9.8⚠ KEVten sam produkt

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) ...

CVE-2021-42013CRITICAL9.8⚠ KEVten sam produkt

It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could ...

CVE-2021-41773CRITICAL9.8⚠ KEVten sam produkt

A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a ...