Stored XSS Vulnerability in Pivotal Spring Batch Admin
CVE-2018-1229
6.1 MEDIUM
What is CVE-2018-1229?
A stored XSS vulnerability exists in the file upload feature of Pivotal Spring Batch Admin. It allows an unauthenticated user with network access to store arbitrary web script that then executes in the browsers of other users, which can lead to compromise of sensitive information and user sessions. The product has reached its end of life and is no longer being patched, which heightens the urgency for affected organizations to implement mitigation strategies.
Affected Version(s)
Spring Batch Admin: All
CVSS V3.1
Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved