Every CVE whose affected-product data names Apache Axis2, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2010-0219 — CVSS 10.0 (critical): Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default…
CVE-2010-1632 — CVSS 7.5 (high): Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services…
CVE-2012-5351 — CVSS 6.4 (medium): Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a…
CVE-2012-4418 — CVSS 5.8 (medium): Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
CVE-2012-5785 — CVSS 5.8 (medium): Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or…
CVE-2010-2103 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java…