A vulnerability classified as critical has been found in Apache Axis 1.x. Affected is an unknown function of the file axis-rt-core/src/main/java/org/apache/axis/client/ServiceFactory.java of the component Service Admin HTTP API. The manipulation leads to server-side request forgery. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

This vulnerability is traded as CVE-2023-51441. The attack can only be initiated within the local network. There is no exploit available.

It is recommended to upgrade the affected component.