CVE-2018-1229 - Vulnerability Details - OpenCVE

Pivotal Spring Batch Admin, all versions, contains a stored XSS vulnerability in the file upload feature. An unauthenticated malicious user with network access to Spring Batch Admin could store an arbitrary web script that would be executed by other users. This issue has not been patched because Spring Batch Admin has reached end of life.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Pivotal Software	Spring Batch Admin

Configuration 1 [-]

cpe:2.3:a:pivotal_software:spring_batch_admin:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/103462
https://pivotal.io/security/cve-2018-1229

History

No history.

MITRE

Status: PUBLISHED

Assigner: dell

Published: 2018-03-21T20:00:00Z

Updated: 2024-09-17T03:53:07.373Z

Reserved: 2017-12-06T00:00:00

Link: CVE-2018-1229

Vulnrichment

No data.

NVD

Status : Modified

Published: 2018-03-21T20:29:00.917

Modified: 2024-11-21T03:59:25.580

Link: CVE-2018-1229

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Spring Batch Admin", "vendor": "Spring by Pivotal", "versions": [{"status": "affected", "version": "All"}]}], "datePublic": "2018-03-16T00:00:00", "descriptions": [{"lang": "en", "value": "Pivotal Spring Batch Admin, all versions, contains a stored XSS vulnerability in the file upload feature. An unauthenticated malicious user with network access to Spring Batch Admin could store an arbitrary web script that would be executed by other users. This issue has not been patched because Spring Batch Admin has reached end of life."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 - Cross-site Scripting (XSS) - Stored", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2018-03-22T09:57:01", "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell"}, "references": [{"name": "103462", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/103462"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://pivotal.io/security/cve-2018-1229"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security_alert@emc.com", "DATE_PUBLIC": "2018-03-16T00:00:00", "ID": "CVE-2018-1229", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Spring Batch Admin", "version": {"version_data": [{"version_value": "All"}]}}]}, "vendor_name": "Spring by Pivotal"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Pivotal Spring Batch Admin, all versions, contains a stored XSS vulnerability in the file upload feature. An unauthenticated malicious user with network access to Spring Batch Admin could store an arbitrary web script that would be executed by other users. This issue has not been patched because Spring Batch Admin has reached end of life."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-79 - Cross-site Scripting (XSS) - Stored"}]}]}, "references": {"reference_data": [{"name": "103462", "refsource": "BID", "url": "http://www.securityfocus.com/bid/103462"}, {"name": "https://pivotal.io/security/cve-2018-1229", "refsource": "CONFIRM", "url": "https://pivotal.io/security/cve-2018-1229"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T03:51:48.971Z"}, "title": "CVE Program Container", "references": [{"name": "103462", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/103462"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://pivotal.io/security/cve-2018-1229"}]}]}, "cveMetadata": {"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "assignerShortName": "dell", "cveId": "CVE-2018-1229", "datePublished": "2018-03-21T20:00:00Z", "dateReserved": "2017-12-06T00:00:00", "dateUpdated": "2024-09-17T03:53:07.373Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pivotal_software:spring_batch_admin:*:*:*:*:*:*:*:*", "matchCriteriaId": "959C66B3-824B-4187-84BE-D31071FB6DC2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Pivotal Spring Batch Admin, all versions, contains a stored XSS vulnerability in the file upload feature. An unauthenticated malicious user with network access to Spring Batch Admin could store an arbitrary web script that would be executed by other users. This issue has not been patched because Spring Batch Admin has reached end of life."}, {"lang": "es", "value": "Pivotal Spring Batch Admin, en todas las versiones, contiene una vulnerabilidad Cross-Site Scripting (XSS) persistente en la caracter\u00edstica de subida de archivos. Un usuario malicioso no autenticado con acceso de red a Spring Batch Admin podr\u00eda almacenar un script web arbitrario que ser\u00eda ejecutado por otros usuarios. Este problema no ha sido parcheado debido a que Spring Batch Admin ha llegado al final de su ciclo de vida."}], "id": "CVE-2018-1229", "lastModified": "2024-11-21T03:59:25.580", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-03-21T20:29:00.917", "references": [{"source": "security_alert@emc.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/103462"}, {"source": "security_alert@emc.com", "tags": ["Vendor Advisory"], "url": "https://pivotal.io/security/cve-2018-1229"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/103462"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://pivotal.io/security/cve-2018-1229"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security_alert@emc.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}