VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-24xc-gnxw-5qhq

Essentials
Severities (26)
References (9)
Severity details (12)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-24xc-gnxw-5qhq
Aliases	CVE-2023-51441 GHSA-hr2c-p8rh-238h
Summary	Apache Axis Improper Input Validation vulnerability UNSUPPORTED WHEN ASSIGNED Improper Input Validation vulnerability in Apache Axis allowed users with access to the admin service to perform possible SSRF. This issue affects Apache Axis through 1.3. As Axis 1 has been EOL, we recommend you migrate to a different SOAP engine, such as Apache Axis 2/Java. Alternatively you could use a build of Axis with the patch from https://github.com/apache/axis-axis1-java/commit/685c309febc64aa393b2d64a05f90e7eb9f73e06 applied. The Apache Axis project does not expect to create an Axis 1.x release fixing this problem, though contributors that would like to work towards this are welcome.
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (4)

CWE-20	Improper Input Validation
CWE-918	Server-Side Request Forgery (SSRF)
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
epss	0.00063	https://api.first.org/data/v1/epss?cve=CVE-2023-51441
epss	0.00063	https://api.first.org/data/v1/epss?cve=CVE-2023-51441
epss	0.00063	https://api.first.org/data/v1/epss?cve=CVE-2023-51441
epss	0.00063	https://api.first.org/data/v1/epss?cve=CVE-2023-51441
epss	0.00063	https://api.first.org/data/v1/epss?cve=CVE-2023-51441
epss	0.00063	https://api.first.org/data/v1/epss?cve=CVE-2023-51441
epss	0.00063	https://api.first.org/data/v1/epss?cve=CVE-2023-51441
epss	0.00063	https://api.first.org/data/v1/epss?cve=CVE-2023-51441
epss	0.00063	https://api.first.org/data/v1/epss?cve=CVE-2023-51441
epss	0.00063	https://api.first.org/data/v1/epss?cve=CVE-2023-51441
epss	0.00063	https://api.first.org/data/v1/epss?cve=CVE-2023-51441
epss	0.00063	https://api.first.org/data/v1/epss?cve=CVE-2023-51441
epss	0.00063	https://api.first.org/data/v1/epss?cve=CVE-2023-51441
epss	0.00063	https://api.first.org/data/v1/epss?cve=CVE-2023-51441
cvssv3.1	4.9	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr	HIGH	https://github.com/advisories/GHSA-hr2c-p8rh-238h
cvssv3.1	7.2	https://github.com/apache/axis-axis1-java
generic_textual	HIGH	https://github.com/apache/axis-axis1-java
cvssv3.1	7.2	https://github.com/apache/axis-axis1-java/commit/685c309febc64aa393b2d64a05f90e7eb9f73e06
generic_textual	HIGH	https://github.com/apache/axis-axis1-java/commit/685c309febc64aa393b2d64a05f90e7eb9f73e06
ssvc	Track	https://github.com/apache/axis-axis1-java/commit/685c309febc64aa393b2d64a05f90e7eb9f73e06
cvssv3.1	7.2	https://lists.apache.org/thread/8nrm5thop8f82pglx4o0jg8wmvy6d9yd
generic_textual	HIGH	https://lists.apache.org/thread/8nrm5thop8f82pglx4o0jg8wmvy6d9yd
ssvc	Track	https://lists.apache.org/thread/8nrm5thop8f82pglx4o0jg8wmvy6d9yd
cvssv3.1	7.2	https://nvd.nist.gov/vuln/detail/CVE-2023-51441
generic_textual	HIGH	https://nvd.nist.gov/vuln/detail/CVE-2023-51441

Reference id	Reference type	URL
		https://api.first.org/data/v1/epss?cve=CVE-2023-51441
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51441
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://github.com/apache/axis-axis1-java
		https://github.com/apache/axis-axis1-java/commit/685c309febc64aa393b2d64a05f90e7eb9f73e06
		https://lists.apache.org/thread/8nrm5thop8f82pglx4o0jg8wmvy6d9yd
		https://nvd.nist.gov/vuln/detail/CVE-2023-51441
1060169		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060169
GHSA-hr2c-p8rh-238h		https://github.com/advisories/GHSA-hr2c-p8rh-238h

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/apache/axis-axis1-java

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/apache/axis-axis1-java/commit/685c309febc64aa393b2d64a05f90e7eb9f73e06

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-08T14:33:06Z/ Found at https://github.com/apache/axis-axis1-java/commit/685c309febc64aa393b2d64a05f90e7eb9f73e06

Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Found at https://lists.apache.org/thread/8nrm5thop8f82pglx4o0jg8wmvy6d9yd

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-08T14:33:06Z/ Found at https://lists.apache.org/thread/8nrm5thop8f82pglx4o0jg8wmvy6d9yd

Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-51441

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.19731
EPSS Score	0.00063
Published At	April 2, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-04-01T12:49:57.310134+00:00	GithubOSV Importer	Import	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/01/GHSA-hr2c-p8rh-238h/GHSA-hr2c-p8rh-238h.json	38.0.0