Vulnerability-Lookup

CVE-2018-1229 (GCVE-0-2018-1229)

Vulnerability from cvelistv5 – Published: 2018-03-21 20:00 – Updated: 2024-09-17 03:53

Summary

Pivotal Spring Batch Admin, all versions, contains a stored XSS vulnerability in the file upload feature. An unauthenticated malicious user with network access to Spring Batch Admin could store an arbitrary web script that would be executed by other users. This issue has not been patched because Spring Batch Admin has reached end of life.

Severity ?

No CVSS data available.

CWE

CWE-79 - - Cross-site Scripting (XSS) - Stored

Assigner

dell

References

URL

Tags

	http://www.securityfocus.com/bid/103462	vdb-entryx_refsource_BID
	https://pivotal.io/security/cve-2018-1229	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Spring by Pivotal	Spring Batch Admin	Affected: All

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:51:48.971Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "103462",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/103462"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://pivotal.io/security/cve-2018-1229"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Spring Batch Admin",
          "vendor": "Spring by Pivotal",
          "versions": [
            {
              "status": "affected",
              "version": "All"
            }
          ]
        }
      ],
      "datePublic": "2018-03-16T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Pivotal Spring Batch Admin, all versions, contains a stored XSS vulnerability in the file upload feature. An unauthenticated malicious user with network access to Spring Batch Admin could store an arbitrary web script that would be executed by other users. This issue has not been patched because Spring Batch Admin has reached end of life."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 - Cross-site Scripting (XSS) - Stored",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-03-22T09:57:01.000Z",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "name": "103462",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/103462"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://pivotal.io/security/cve-2018-1229"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security_alert@emc.com",
          "DATE_PUBLIC": "2018-03-16T00:00:00",
          "ID": "CVE-2018-1229",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Spring Batch Admin",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Spring by Pivotal"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Pivotal Spring Batch Admin, all versions, contains a stored XSS vulnerability in the file upload feature. An unauthenticated malicious user with network access to Spring Batch Admin could store an arbitrary web script that would be executed by other users. This issue has not been patched because Spring Batch Admin has reached end of life."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-79 - Cross-site Scripting (XSS) - Stored"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "103462",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/103462"
            },
            {
              "name": "https://pivotal.io/security/cve-2018-1229",
              "refsource": "CONFIRM",
              "url": "https://pivotal.io/security/cve-2018-1229"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2018-1229",
    "datePublished": "2018-03-21T20:00:00.000Z",
    "dateReserved": "2017-12-06T00:00:00.000Z",
    "dateUpdated": "2024-09-17T03:53:07.373Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

FKIE_CVE-2018-1229

Vulnerability from fkie_nvd - Published: 2018-03-21 20:29 - Updated: 2024-11-21 03:59

Severity ?

6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

References

URL	Tags
security_alert@emc.com	http://www.securityfocus.com/bid/103462	Third Party Advisory, VDB Entry
security_alert@emc.com	https://pivotal.io/security/cve-2018-1229	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/103462	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://pivotal.io/security/cve-2018-1229	Vendor Advisory

Impacted products

	Vendor	Product	Version
	pivotal_software	spring_batch_admin	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:pivotal_software:spring_batch_admin:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "959C66B3-824B-4187-84BE-D31071FB6DC2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Pivotal Spring Batch Admin, all versions, contains a stored XSS vulnerability in the file upload feature. An unauthenticated malicious user with network access to Spring Batch Admin could store an arbitrary web script that would be executed by other users. This issue has not been patched because Spring Batch Admin has reached end of life."
    },
    {
      "lang": "es",
      "value": "Pivotal Spring Batch Admin, en todas las versiones, contiene una vulnerabilidad Cross-Site Scripting (XSS) persistente en la caracter\u00edstica de subida de archivos. Un usuario malicioso no autenticado con acceso de red a Spring Batch Admin podr\u00eda almacenar un script web arbitrario que ser\u00eda ejecutado por otros usuarios. Este problema no ha sido parcheado debido a que Spring Batch Admin ha llegado al final de su ciclo de vida."
    }
  ],
  "id": "CVE-2018-1229",
  "lastModified": "2024-11-21T03:59:25.580",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-03-21T20:29:00.917",
  "references": [
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/103462"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://pivotal.io/security/cve-2018-1229"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/103462"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://pivotal.io/security/cve-2018-1229"
    }
  ],
  "sourceIdentifier": "security_alert@emc.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "security_alert@emc.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2018-1229

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2018-1229

Aliases

CVE-2018-1229

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-1229",
    "description": "Pivotal Spring Batch Admin, all versions, contains a stored XSS vulnerability in the file upload feature. An unauthenticated malicious user with network access to Spring Batch Admin could store an arbitrary web script that would be executed by other users. This issue has not been patched because Spring Batch Admin has reached end of life.",
    "id": "GSD-2018-1229"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-1229"
      ],
      "details": "Pivotal Spring Batch Admin, all versions, contains a stored XSS vulnerability in the file upload feature. An unauthenticated malicious user with network access to Spring Batch Admin could store an arbitrary web script that would be executed by other users. This issue has not been patched because Spring Batch Admin has reached end of life.",
      "id": "GSD-2018-1229",
      "modified": "2023-12-13T01:22:37.418617Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security_alert@emc.com",
        "DATE_PUBLIC": "2018-03-16T00:00:00",
        "ID": "CVE-2018-1229",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Spring Batch Admin",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "All"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Spring by Pivotal"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Pivotal Spring Batch Admin, all versions, contains a stored XSS vulnerability in the file upload feature. An unauthenticated malicious user with network access to Spring Batch Admin could store an arbitrary web script that would be executed by other users. This issue has not been patched because Spring Batch Admin has reached end of life."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-79 - Cross-site Scripting (XSS) - Stored"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "103462",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/103462"
          },
          {
            "name": "https://pivotal.io/security/cve-2018-1229",
            "refsource": "CONFIRM",
            "url": "https://pivotal.io/security/cve-2018-1229"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:spring_batch_admin:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@dell.com",
          "ID": "CVE-2018-1229"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Pivotal Spring Batch Admin, all versions, contains a stored XSS vulnerability in the file upload feature. An unauthenticated malicious user with network access to Spring Batch Admin could store an arbitrary web script that would be executed by other users. This issue has not been patched because Spring Batch Admin has reached end of life."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://pivotal.io/security/cve-2018-1229",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://pivotal.io/security/cve-2018-1229"
            },
            {
              "name": "103462",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/103462"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 2.7
        }
      },
      "lastModifiedDate": "2019-10-09T23:38Z",
      "publishedDate": "2018-03-21T20:29Z"
    }
  }
}

CNVD-2018-06258

Vulnerability from cnvd - Published: 2018-03-26

Title

Pivotal Spring Batch Admin跨站脚本漏洞

Description

Pivotal Spring Batch Admin是美国Pivotal Software公司的一套用于监控管理Spring Batch系统的开源工具。 Pivotal Spring Batch Admin中的文件上传功能存在跨站脚本漏洞。远程攻击者可通过发送特制的请求利用该漏洞注入任意的Web脚本或HTML。

Severity

中

Patch Name

Pivotal Spring Batch Admin跨站脚本漏洞的补丁

Patch Description

Pivotal Spring Batch Admin是美国Pivotal Software公司的一套用于监控管理Spring Batch系统的开源工具。 Pivotal Spring Batch Admin中的文件上传功能存在跨站脚本漏洞。远程攻击者可通过发送特制的请求利用该漏洞注入任意的Web脚本或HTML。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可联系供应商获得补丁信息： https://pivotal.io/

Reference

https://pivotal.io/security/cve-2018-1229 https://www.securityfocus.com/bid/103462

Impacted products

Name
Pivotal Software Spring Batch Admin

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-1229"
    }
  },
  "description": "Pivotal Spring Batch Admin\u662f\u7f8e\u56fdPivotal Software\u516c\u53f8\u7684\u4e00\u5957\u7528\u4e8e\u76d1\u63a7\u7ba1\u7406Spring Batch\u7cfb\u7edf\u7684\u5f00\u6e90\u5de5\u5177\u3002\r\n\r\nPivotal Spring Batch Admin\u4e2d\u7684\u6587\u4ef6\u4e0a\u4f20\u529f\u80fd\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u53d1\u9001\u7279\u5236\u7684\u8bf7\u6c42\u5229\u7528\u8be5\u6f0f\u6d1e\u6ce8\u5165\u4efb\u610f\u7684Web\u811a\u672c\u6216HTML\u3002",
  "discovererName": "Wen Bin Kong",
  "formalWay": "\u7528\u6237\u53ef\u8054\u7cfb\u4f9b\u5e94\u5546\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttps://pivotal.io/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-06258",
  "openTime": "2018-03-26",
  "patchDescription": "Pivotal Spring Batch Admin\u662f\u7f8e\u56fdPivotal Software\u516c\u53f8\u7684\u4e00\u5957\u7528\u4e8e\u76d1\u63a7\u7ba1\u7406Spring Batch\u7cfb\u7edf\u7684\u5f00\u6e90\u5de5\u5177\u3002\r\n\r\nPivotal Spring Batch Admin\u4e2d\u7684\u6587\u4ef6\u4e0a\u4f20\u529f\u80fd\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u53d1\u9001\u7279\u5236\u7684\u8bf7\u6c42\u5229\u7528\u8be5\u6f0f\u6d1e\u6ce8\u5165\u4efb\u610f\u7684Web\u811a\u672c\u6216HTML\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Pivotal Spring Batch Admin\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Pivotal Software Spring Batch Admin"
  },
  "referenceLink": "https://pivotal.io/security/cve-2018-1229\r\nhttps://www.securityfocus.com/bid/103462",
  "serverity": "\u4e2d",
  "submitTime": "2018-03-23",
  "title": "Pivotal Spring Batch Admin\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e"
}

GHSA-4CJ8-779H-R25H

Vulnerability from github – Published: 2022-05-13 01:33 – Updated: 2024-01-05 22:29

Summary

Cross-site Scripting in Pivotal Spring Batch Admin

Details

Severity ?

6.1 (Medium)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.springframework.batch:spring-batch-admin-manager"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "2.0.0.M1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2018-1229"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-01-05T22:29:27Z",
    "nvd_published_at": "2018-03-21T20:29:00Z",
    "severity": "MODERATE"
  },
  "details": "Pivotal Spring Batch Admin, all versions, contains a stored XSS vulnerability in the file upload feature. An unauthenticated malicious user with network access to Spring Batch Admin could store an arbitrary web script that would be executed by other users. This issue has not been patched because Spring Batch Admin has reached end of life.",
  "id": "GHSA-4cj8-779h-r25h",
  "modified": "2024-01-05T22:29:27Z",
  "published": "2022-05-13T01:33:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1229"
    },
    {
      "type": "WEB",
      "url": "https://pivotal.io/security/cve-2018-1229"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/103462"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Cross-site Scripting in Pivotal Spring Batch Admin"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-1229 (GCVE-0-2018-1229)

FKIE_CVE-2018-1229

GSD-2018-1229

CNVD-2018-06258

GHSA-4CJ8-779H-R25H

Tags

Sightings

Nomenclature