MEDIUM✓ PATCH🇵🇱 Wersja polska

CVE-2018-8032

CVSS 6.1v3.1pub. 2018-08-02upd. 2025-05-08

Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
  • Apache Axis

    APP
    Apache
    1.0 – 1.4
  • Debian

    OS
    Debian
    9.0
  • Oracle Agile Engineering Data Management

    APP
    Oracle
    6.2.1.0
  • Oracle Agile Product Lifecycle Management

    APP
    Oracle
    9.3.3
  • Oracle Application Testing Suite

    APP
    Oracle
    13.2.0.113.3.0.1
  • Oracle Big Data Discovery

    APP
    Oracle
    1.6
  • Oracle Communications Asap Cartridges

    APP
    Oracle
    7.27.3
  • Oracle Communications Design Studio

    APP
    Oracle
    7.3.4.3.07.3.5.5.07.4.0.4.07.4.1.1.0
  • Oracle Communications Element Manager

    APP
    Oracle
    8.0.08.1.08.1.18.2.0
  • Oracle Communications Network Integrity

    APP
    Oracle
    7.3.57.3.6
  • Oracle Communications Order And Service Management

    APP
    Oracle
    7.3.0.0.07.4
  • Oracle Communications Session Report Manager

    APP
    Oracle
    8.0.08.1.08.1.18.2.0
  • Oracle Communications Session Route Manager

    APP
    Oracle
    8.0.08.1.08.1.18.2.0
  • Oracle Endeca Information Discovery Studio

    APP
    Oracle
    3.2.0
  • Oracle Enterprise Manager Base Platform

    APP
    Oracle
    12.1.0.513.3.0.0
  • Oracle Enterprise Manager For Fusion Middleware

    APP
    Oracle
    12.1.0.5
  • Oracle Financial Services Analytical Applications Infrastructure

    APP
    Oracle
    7.3.3 – 7.3.58.0.0 – 8.0.8
  • Oracle Financial Services Compliance Regulatory Reporting

    APP
    Oracle
    8.0.6 – 8.0.8
  • Oracle Financial Services Funds Transfer Pricing

    APP
    Oracle
    8.0.2 – 8.0.7
  • Oracle Flexcube Core Banking

    APP
    Oracle
    11.10.011.7.011.8.011.9.0
  • Oracle Flexcube Private Banking

    APP
    Oracle
    12.0.012.1.0
  • Oracle Hospitality Guest Access

    APP
    Oracle
    4.2.04.2.1
  • Oracle Instantis Enterprisetrack

    APP
    Oracle
    17.117.217.3
  • Oracle Internet Directory

    APP
    Oracle
    12.2.1.3.012.2.1.4.0
  • Oracle Knowledge

    APP
    Oracle
    8.6.0 – 8.6.3
  • Oracle Peoplesoft Enterprise Human Capital Management Human Resources

    APP
    Oracle
    9.2
  • Oracle Peoplesoft Enterprise Peopletools

    APP
    Oracle
    8.568.578.58
  • Oracle Policy Automation Connector For Siebel

    APP
    Oracle
    10.4.6
  • Oracle Primavera Gateway

    APP
    Oracle
    16.2.1117.12.6
  • Oracle Primavera Unifier

    APP
    Oracle
    16.116.218.819.1217.7 – 17.12
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
XSS
CWE
References

Related vulnerabilities

CVE-2026-35273CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Pominięcie uwierzytelnienia w Oracle PeopleSoft PeopleTools (RCE/Takeover)

CVE-2026-24061CRITICAL9.8⚠ KEVPL ✓ten sam produkt

GNU Inetutils telnetd: ominięcie uwierzytelnienia przez zmienną USER

CVE-2025-32463CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Sudo: eskalacja uprawnień do root poprzez opcję --chroot (CVE-2025-32463)

CVE-2025-49113CRITICAL9.9⚠ KEVPL ✓ten sam produkt

RCE przez deserializację PHP w Roundcube Webmail (parametr _from)

CVE-2025-32433CRITICAL10.0⚠ KEVPL ✓ten sam produkt

Erlang/OTP SSH — nieuwierzytelniony RCE (CVSS 10.0)