CVE-2010-2103 : Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Ap

Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information.

Published 2010-05-27 22:30:02

Updated 2018-10-10 19:58:30

Source MITRE

View at NVD, CVE.org

Vulnerability category: Cross site scripting (XSS)

Exploit prediction scoring system (EPSS) score for CVE-2010-2103

Probability of exploitation activity in the next 30 days: 0.40%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 73 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2010-2103

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.3	MEDIUM	AV:N/AC:M/Au:N/C:N/I:P/A:N	8.6	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None

CWE ids for CVE-2010-2103

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2010-2103

http://spl0it.org/files/talks/source_barcelona10/Hacking%20SAP%20BusinessObjects.pdf

CVEs referencing this url
https://kb.juniper.net/KB27373

Juniper Networks - 2013-05 Security Bulletin: Network and Security Manager: Multiple Apache Axis2 vulnerabilities fixed

CVEs referencing this url
http://www.securityfocus.com/bid/40327

Apache Axis2 'engagingglobally' Cross-Site Scripting Vulnerability
Exploit
http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-03

Error404 | ProCheckUp
Exploit
http://www.exploit-db.com/exploits/12689

Apache Axis2 Administration Console - (Authenticated) Cross-Site Scripting - Multiple webapps Exploit
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/58790

Apache Axis2 modules cross-site scripting CVE-2010-2103 Vulnerability Report
http://www.securityfocus.com/archive/1/511404/100/0/threaded

SecurityFocus
http://www.vupen.com/english/advisories/2010/1215

Webmail | OVH- OVH
Vendor Advisory

Products affected by CVE-2010-2103

Apache » Axis2 » Version: 1.4.1
cpe:2.3:a:apache:axis2:1.4.1:*:*:*:*:*:*:*
Matching versions
When used together with: 3com » Intelligent Management Center
When used together with: SAP » Business Objects » Version: 12
Apache » Axis2 » Version: 1.5.1
cpe:2.3:a:apache:axis2:1.5.1:*:*:*:*:*:*:*
Matching versions
When used together with: 3com » Intelligent Management Center
When used together with: SAP » Business Objects » Version: 12

Vulnerability Details : CVE-2010-2103

Exploit prediction scoring system (EPSS) score for CVE-2010-2103

CVSS scores for CVE-2010-2103

CWE ids for CVE-2010-2103

References for CVE-2010-2103

Products affected by CVE-2010-2103