Vulnerability on Apache Axis2 Component
Our BO Server environment
Windows Server 2008 R2
Tomcat version = 7.0.27 >
Axis2 version = 1.3
Java version = 1.6.0_35
BOXI = 3.1 FP6.2
SAP Notes 1589554 and 1432881 describes our problem. It says to upgrade to FP2.5 - however we are already on FP6.2,
Other recommendation I have found is to "upgrade to the latest version of Axis2" which is 1.6.2
SAP Community thread http://scn.sap.com/thread/3196662 outlines same problem as I see it.
I put in a case with BO Support - the first thing they want us to do is upgrade to the latest SP (in this case that would be 7). Then they want us to run a scan on the version we just upgraded to - to identify security risks.
It is not feasible to do a Service Pack upgrade at this time - yet we want to solve the issue - any suggestions?
Thanks
Bob