9.8
CVE-2017-8046
- EPSS 93.73%
- Published 04.01.2018 06:29:00
- Last modified 21.11.2024 03:33:12
- Source security_alert@emc.com
- Teams watchlist Login
- Open Login
Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (Ingalls SR9), versions prior to 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code.
Data is provided by the National Vulnerability Database (NVD)
VMware ≫ Spring Boot Version < 1.5.9
VMware ≫ Spring Boot Version2.0.0 Updatemilestone1
VMware ≫ Spring Boot Version2.0.0 Updatemilestone2
VMware ≫ Spring Boot Version2.0.0 Updatemilestone3
VMware ≫ Spring Boot Version2.0.0 Updatemilestone4
VMware ≫ Spring Boot Version2.0.0 Updatemilestone5
Pivotal Software ≫ Spring Data Rest Version < 2.6.9
Pivotal Software ≫ Spring Data Rest Version3.0.0
Pivotal Software ≫ Spring Data Rest Version3.0.0 Updatem1
Pivotal Software ≫ Spring Data Rest Version3.0.0 Updatem2
Pivotal Software ≫ Spring Data Rest Version3.0.0 Updatem3
Pivotal Software ≫ Spring Data Rest Version3.0.0 Updatem4
Pivotal Software ≫ Spring Data Rest Version3.0.0 Updaterc1
Pivotal Software ≫ Spring Data Rest Version3.0.0 Updaterc2
Pivotal Software ≫ Spring Data Rest Version3.0.0 Updaterc3
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 93.73% | 0.998 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.