Cross-Site Request Forgery Vulnerability in Pivotal Spring Batch Admin
CVE-2018-1230

8.8HIGH

Key Information:

Vendor: Spring By Pivotal
Status: Spring Batch Admin
Vendor: CVE Published:; 21 March 2018

🔔 Create Spring By Pivotal Vulnerability Alert

What is CVE-2018-1230?

Pivotal Spring Batch Admin is vulnerable to cross-site request forgery, allowing remote unauthenticated users to craft malicious sites that execute unauthorized requests to the application. This vulnerability arises from the absence of CSRF protection. As Spring Batch Admin has reached its end of life, no patches are available to mitigate these risks, leaving installations exposed to potential exploitation.

Affected Version(s)

Spring Batch Admin All

References

https://pivotal.io/security/cve-2018-1230

x_refsource_CONFIRM

http://www.securityfocus.com/bid/103463

vdb-entryx_refsource_BID

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 21, 2018
Vulnerability Reserved
Dec 6, 2017