CVE-2018-1229

EPSS 0.3%
Published 21.03.2018 20:29:00
Last modified 21.11.2024 03:59:25
Source security_alert@emc.com
Teams watchlist Login
Open Login

Pivotal Spring Batch Admin, all versions, contains a stored XSS vulnerability in the file upload feature. An unauthenticated malicious user with network access to Spring Batch Admin could store an arbitrary web script that would be executed by other users. This issue has not been patched because Spring Batch Admin has reached end of life.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Pivotal Software ≫ Spring Batch Admin

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.3%	0.506

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.1	2.8	2.7	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

http://www.securityfocus.com/bid/103462

Third Party Advisory

VDB Entry

https://pivotal.io/security/cve-2018-1229

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2018-1229

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-1229

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-1229

EUVD