CVE-2018-1229 - Vulnerability Details - OpenCVE

Pivotal Spring Batch Admin, all versions, contains a stored XSS vulnerability in the file upload feature. An unauthenticated malicious user with network access to Spring Batch Admin could store an arbitrary web script that would be executed by other users. This issue has not been patched because Spring Batch Admin has reached end of life.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.00304.

Key SSVC decision points have not yet been added.

Vendors	Products
Pivotal Software	Spring Batch Admin

Configuration 1 [-]

cpe:2.3:a:pivotal_software:spring_batch_admin:*:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2022-2359	Pivotal Spring Batch Admin, all versions, contains a stored XSS vulnerability in the file upload feature. An unauthenticated malicious user with network access to Spring Batch Admin could store an arbitrary web script that would be executed by other users. This issue has not been patched because Spring Batch Admin has reached end of life.
Github GHSA	GHSA-4cj8-779h-r25h	Cross-site Scripting in Pivotal Spring Batch Admin

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://www.securityfocus.com/bid/103462
https://pivotal.io/security/cve-2018-1229

History

No history.

MITRE

Status: PUBLISHED

Assigner: dell

Published: 2018-03-21T20:00:00Z

Updated: 2024-09-17T03:53:07.373Z

Reserved: 2017-12-06T00:00:00

Link: CVE-2018-1229

Vulnrichment

No data.

NVD

Status : Modified

Published: 2018-03-21T20:29:00.917

Modified: 2024-11-21T03:59:25.580

Link: CVE-2018-1229

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "Spring Batch Admin", "vendor": "Spring by Pivotal", "versions": [{"status": "affected", "version": "All"}]}], "datePublic": "2018-03-16T00:00:00", "descriptions": [{"lang": "en", "value": "Pivotal Spring Batch Admin, all versions, contains a stored XSS vulnerability in the file upload feature. An unauthenticated malicious user with network access to Spring Batch Admin could store an arbitrary web script that would be executed by other users. This issue has not been patched because Spring Batch Admin has reached end of life."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 - Cross-site Scripting (XSS) - Stored", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2018-03-22T09:57:01", "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell"}, "references": [{"name": "103462", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/103462"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://pivotal.io/security/cve-2018-1229"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security_alert@emc.com", "DATE_PUBLIC": "2018-03-16T00:00:00", "ID": "CVE-2018-1229", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Spring Batch Admin", "version": {"version_data": [{"version_value": "All"}]}}]}, "vendor_name": "Spring by Pivotal"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Pivotal Spring Batch Admin, all versions, contains a stored XSS vulnerability in the file upload feature. An unauthenticated malicious user with network access to Spring Batch Admin could store an arbitrary web script that would be executed by other users. This issue has not been patched because Spring Batch Admin has reached end of life."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-79 - Cross-site Scripting (XSS) - Stored"}]}]}, "references": {"reference_data": [{"name": "103462", "refsource": "BID", "url": "http://www.securityfocus.com/bid/103462"}, {"name": "https://pivotal.io/security/cve-2018-1229", "refsource": "CONFIRM", "url": "https://pivotal.io/security/cve-2018-1229"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T03:51:48.971Z"}, "title": "CVE Program Container", "references": [{"name": "103462", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/103462"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://pivotal.io/security/cve-2018-1229"}]}]}, "cveMetadata": {"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "assignerShortName": "dell", "cveId": "CVE-2018-1229", "datePublished": "2018-03-21T20:00:00Z", "dateReserved": "2017-12-06T00:00:00", "dateUpdated": "2024-09-17T03:53:07.373Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pivotal_software:spring_batch_admin:*:*:*:*:*:*:*:*", "matchCriteriaId": "959C66B3-824B-4187-84BE-D31071FB6DC2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Pivotal Spring Batch Admin, all versions, contains a stored XSS vulnerability in the file upload feature. An unauthenticated malicious user with network access to Spring Batch Admin could store an arbitrary web script that would be executed by other users. This issue has not been patched because Spring Batch Admin has reached end of life."}, {"lang": "es", "value": "Pivotal Spring Batch Admin, en todas las versiones, contiene una vulnerabilidad Cross-Site Scripting (XSS) persistente en la caracter\u00edstica de subida de archivos. Un usuario malicioso no autenticado con acceso de red a Spring Batch Admin podr\u00eda almacenar un script web arbitrario que ser\u00eda ejecutado por otros usuarios. Este problema no ha sido parcheado debido a que Spring Batch Admin ha llegado al final de su ciclo de vida."}], "id": "CVE-2018-1229", "lastModified": "2024-11-21T03:59:25.580", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-03-21T20:29:00.917", "references": [{"source": "security_alert@emc.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/103462"}, {"source": "security_alert@emc.com", "tags": ["Vendor Advisory"], "url": "https://pivotal.io/security/cve-2018-1229"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/103462"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://pivotal.io/security/cve-2018-1229"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security_alert@emc.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}