Description
AxiomSL's Axiom Java applet module (used for editing uploaded Excel files and associated Java RMI services) 9.5.3 and earlier allows remote attackers to (1) access data of other basic users through arbitrary SQL commands, (2) perform horizontal and vertical privilege escalation, (3) cause a denial of service on the global application, or (4) write, read, or delete arbitrary files on the server hosting the application.
References (1)
Core References
Third Party Advisory x_refsource_misc
https://www.excellium-services.com/cert-xlm-advisory/cve-2015-5463/
Scores
CVSS v3
9.8
EPSS
0.0203
EPSS Percentile
78.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-285
Status
published
Products (1)
axiomsl/axiom
< 9.5.3
Published
Apr 03, 2019
Tracked Since
Feb 18, 2026