CVE-2018-1275
- CVSS v3.1: 9.8 (Critical)
- CVSS v2.0: 7.5 (High)
- EPSS: 18.16 % (96th)
- Affected Products: 19
- Advisories: 1
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack. This CVE addresses the partial fix for CVE-2018-1270 in the 4.3.x branch of the Spring Framework.
Weaknesses
- CWE-358: Improperly Implemented Security Check for Standard
- CWE-94: Improper Control of Generation of Code ('Code Injection')
Related CVEs
- CVE Status: PUBLISHED
- CNA: Dell
- Published Date: 2018-04-11 13:29:00 (6 years ago)
- Updated Date: 2023-11-07 02:55:54 (10 months ago)
Affected Products
- Application Testing Suite
- Big Data Discovery
- Communications Converged Application Server
- Communications Diameter Signaling Router
- Communications Performance Intelligence Center
- Communications Services Gatekeeper
- Goldengate For Big Data
- Healthcare Master Person Index
- Health Sciences Information Manager
- Insurance Calculation Engine
- Insurance Rules Palette
- Primavera Gateway
- Retail Customer Insights
- Retail Open Commerce Platform
- Retail Order Broker
- Retail Predictive Application Server
- Service Architecture Leveraging Tuxedo
- Tape Library Acsls