Every CVE whose affected-product data names Apache Axis, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (7)
CVE-2023-40743 — CVSS 9.8 (critical): ** UNSUPPORTED WHEN ASSIGNED ** When integrating Apache Axis 1.x in an application, it may not have been obvious that looking up a service…
CVE-2019-0227 — CVSS 7.5 (high): A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and…
CVE-2023-51441 — CVSS 7.2 (high): ** UNSUPPORTED WHEN ASSIGNED ** Improper Input Validation vulnerability in Apache Axis allowed users with access to the admin service to…
CVE-2018-8032 — CVSS 6.1 (medium): Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services.
CVE-2014-3596 — CVSS 5.8 (medium): The getCN function in Apache Axis 1.4 and earlier does not properly verify that the server hostname matches a domain name in the subject's…
CVE-2012-5784 — CVSS 5.8 (medium): Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message…
CVE-2007-2353 — CVSS 5.0 (medium): Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the…