Vulnerability Name: CVE-2018-1270 (CCN-141284) Assigned: 2017-12-06 Published: 2018-04-05 Updated: 2022-06-23 Summary: Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack. CVSS v3 Severity: 9.8 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 8.8 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): HighIntegrity (I): HighAvailibility (A): High
9.8 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 8.8 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): HighIntegrity (I): HighAvailibility (A): High
CVSS v2 Severity: 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAuthentication (Au): NoneImpact Metrics: Confidentiality (C): PartialIntegrity (I): PartialAvailibility (A): Partial
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAthentication (Au): NoneImpact Metrics: Confidentiality (C): CompleteIntegrity (I): CompleteAvailibility (A): Complete
Vulnerability Type: CWE-94 Vulnerability Consequences: Gain Access References: Source: MITRECVE-2018-1270 http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html 103696 Pivotal Spring Framework CVE-2018-1270 Remote Code Execution Vulnerability RHSA-2018:2939 pivotal-cve20181270-code-exec(141284) [activemq-issues] 20190703 [jira] [Created] (AMQ-7236) SEV-1 Security vulnerability in spring-expression-4.3.11.RELEASE.jar (spring framework) [activemq-issues] 20190826 [jira] [Created] (AMQ-7288) Security Vulnerabilities in ActiveMQ dependent libraries. [activemq-issues] 20190703 [jira] [Updated] (AMQ-7236) SEV-1 Security vulnerability in spring-expression-4.3.11.RELEASE.jar (spring framework) and xstream-1.4.10.jar [activemq-issues] 20190718 [jira] [Updated] (AMQ-7236) SEV-1 Security vulnerability in spring-expression-4.3.11.RELEASE.jar (spring framework) and xstream-1.4.10.jar [geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12 [debian-lts-announce] 20210423 [SECURITY] [DLA 2635-1] libspring-java security update Pivotal Spring Java Framework 5.0.x Remote Code Execution CVE-2018-1270: Remote Code Execution with spring-messaging https://pivotal.io/security/cve-2018-1270 44796 Offensive Security Exploit Database [05-29-2018] IBM has announced a release for IBM Security Identity Governance and Intelligence in response to multiple security vulnerabilities Multiple Vulnerabilities in IBM Guardium Data Encryption (GDE) IBM Cognos Controller has addressed multiple vulnerabilities IBM Security Directory Integrator is affected by multiple security vulnerabilities IBM Security Directory Suite is vulnerable to multiple issues https://www.oracle.com/security-alerts/cpujul2020.html https://www.oracle.com/security-alerts/cpuoct2021.html https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html Vulnerable Configuration: Configuration 1 :cpe:/a:vmware:spring_framework:*:*:*:*:*:*:*:* (Version < 4.3.16)OR cpe:/a:vmware:spring_framework:*:*:*:*:*:*:*:* (Version >= 5.0.0 and < 5.0.5) Configuration 2 :cpe:/a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:* OR cpe:/a:oracle:enterprise_manager_ops_center:12.2.2:*:*:*:*:*:*:* OR cpe:/a:oracle:primavera_gateway:16.2:*:*:*:*:*:*:* OR cpe:/a:oracle:primavera_gateway:15.2:*:*:*:*:*:*:* OR cpe:/a:oracle:application_testing_suite:12.5.0.3:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_back_office:14.1:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_back_office:14.0:*:*:*:*:*:*:* OR cpe:/a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_open_commerce_platform:6.0.1:*:*:*:*:*:*:* OR cpe:/a:oracle:application_testing_suite:13.1.0.1:*:*:*:*:*:*:* OR cpe:/a:oracle:application_testing_suite:13.2.0.1:*:*:*:*:*:*:* OR cpe:/a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:* OR cpe:/a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:* (Version < 8.3) OR cpe:/a:oracle:communications_performance_intelligence_center:*:*:*:*:*:*:*:* (Version < 10.2.1) OR cpe:/a:oracle:communications_services_gatekeeper:*:*:*:*:*:*:*:* (Version < 6.1.0.4.0) OR cpe:/a:oracle:health_sciences_information_manager:3.0:*:*:*:*:*:*:* OR cpe:/a:oracle:healthcare_master_person_index:3.0:*:*:*:*:*:*:* OR cpe:/a:oracle:healthcare_master_person_index:4.0:*:*:*:*:*:*:* OR cpe:/a:oracle:insurance_calculation_engine:10.2:*:*:*:*:*:*:* OR cpe:/a:oracle:insurance_rules_palette:10.0:*:*:*:*:*:*:* OR cpe:/a:oracle:insurance_rules_palette:10.2:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:* OR cpe:/a:oracle:tape_library_acsls:8.4:*:*:*:*:*:*:* OR cpe:/a:oracle:communications_converged_application_server:*:*:*:*:*:*:*:* (Version < 7.0.0.1) OR cpe:/a:oracle:service_architecture_leveraging_tuxedo:12.1.3.0.0:*:*:*:*:*:*:* OR cpe:/a:oracle:service_architecture_leveraging_tuxedo:12.2.2.0.0:*:*:*:*:*:*:* OR cpe:/a:oracle:big_data_discovery:1.6.0:*:*:*:*:*:*:* OR cpe:/a:oracle:goldengate_for_big_data:12.2.0.1:*:*:*:*:*:*:* OR cpe:/a:oracle:goldengate_for_big_data:12.3.1.1:*:*:*:*:*:*:* OR cpe:/a:oracle:goldengate_for_big_data:12.3.2.1:*:*:*:*:*:*:* OR cpe:/a:oracle:insurance_calculation_engine:10.1.1:*:*:*:*:*:*:* OR cpe:/a:oracle:insurance_calculation_engine:10.2.1:*:*:*:*:*:*:* OR cpe:/a:oracle:insurance_rules_palette:10.1:*:*:*:*:*:*:* OR cpe:/a:oracle:insurance_rules_palette:11.0:*:*:*:*:*:*:* OR cpe:/a:oracle:insurance_rules_palette:11.1:*:*:*:*:*:*:* OR cpe:/a:oracle:primavera_gateway:17.12:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_integration_bus:14.0.1:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_integration_bus:14.0.2:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_integration_bus:14.0.3:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_integration_bus:14.0.4:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_integration_bus:14.1.1:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_integration_bus:14.1.2:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_integration_bus:14.1.3:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_integration_bus:15.0.0.1:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_integration_bus:15.0.1:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_integration_bus:15.0.2:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_integration_bus:16.0:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_integration_bus:16.0.1:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_integration_bus:16.0.2:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_open_commerce_platform:5.3.0:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_open_commerce_platform:6.0.0:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_order_broker:5.1:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_order_broker:5.2:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_order_broker:15.0:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_predictive_application_server:14.0:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_predictive_application_server:14.1:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_predictive_application_server:15.0:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_predictive_application_server:16.0:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_point-of-sale:14.0:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_returns_management:14.0:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_central_office:14.0:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_central_office:14.1:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_point-of-sale:14.1:*:*:*:*:*:*:* Configuration 3 :cpe:/a:redhat:fuse:1.0.0:*:*:*:*:*:*:* Configuration 4 :cpe:/o:debian:debian_linux:9.0:*:*:*:*:*:*:* Configuration CCN 1 :cpe:/a:pivotal:spring_framework:5.0.0:*:*:*:*:*:*:* OR cpe:/a:pivotal:spring_framework:5.0.4:*:*:*:*:*:*:* OR cpe:/a:pivotal:spring_framework:4.3:*:*:*:*:*:*:* OR cpe:/a:pivotal:spring_framework:4.3.14:*:*:*:*:*:*:* AND cpe:/a:ibm:security_identity_governance_and_intelligence:5.2:*:*:*:*:*:*:* OR cpe:/a:ibm:security_identity_governance_and_intelligence:5.2.1:*:*:*:*:*:*:* OR cpe:/a:ibm:security_identity_governance_and_intelligence:5.2.2:*:*:*:*:*:*:* OR cpe:/a:ibm:security_identity_governance_and_intelligence:5.2.2.1:*:*:*:*:*:*:* OR cpe:/a:ibm:security_identity_governance_and_intelligence:5.2.3:*:*:*:*:*:*:* OR cpe:/a:ibm:security_identity_governance_and_intelligence:5.2.3.1:*:*:*:*:*:*:* OR cpe:/a:ibm:security_identity_governance_and_intelligence:5.2.3.2:*:*:*:*:*:*:* OR cpe:/a:ibm:security_identity_governance_and_intelligence:5.2.4:*:*:*:*:*:*:* OR cpe:/a:ibm:security_identity_governance_and_intelligence:5.2.4.1:*:*:*:*:*:*:* OR cpe:/a:ibm:cognos_controller:10.4.0:*:*:*:*:*:*:* OR cpe:/a:ibm:cognos_controller:10.4.1:*:*:*:*:*:*:* OR cpe:/a:ibm:security_guardium_data_encryption:3.0.0.2:*:*:*:*:*:*:* OR cpe:/a:ibm:cognos_controller:10.4.2:*:*:*:*:*:*:* Oval Definitions BACK
vmware spring framework *
vmware spring framework *
oracle retail xstore point of service 7.1
oracle enterprise manager ops center 12.2.2
oracle primavera gateway 16.2
oracle primavera gateway 15.2
oracle application testing suite 12.5.0.3
oracle retail back office 14.1
oracle retail back office 14.0
oracle enterprise manager ops center 12.3.3
oracle retail open commerce platform 6.0.1
oracle application testing suite 13.1.0.1
oracle application testing suite 13.2.0.1
oracle application testing suite 13.3.0.1
oracle communications diameter signaling router *
oracle communications performance intelligence center *
oracle communications services gatekeeper *
oracle health sciences information manager 3.0
oracle healthcare master person index 3.0
oracle healthcare master person index 4.0
oracle insurance calculation engine 10.2
oracle insurance rules palette 10.0
oracle insurance rules palette 10.2
oracle retail customer insights 15.0
oracle retail customer insights 16.0
oracle tape library acsls 8.4
oracle communications converged application server *
oracle service architecture leveraging tuxedo 12.1.3.0.0
oracle service architecture leveraging tuxedo 12.2.2.0.0
oracle big data discovery 1.6.0
oracle goldengate for big data 12.2.0.1
oracle goldengate for big data 12.3.1.1
oracle goldengate for big data 12.3.2.1
oracle insurance calculation engine 10.1.1
oracle insurance calculation engine 10.2.1
oracle insurance rules palette 10.1
oracle insurance rules palette 11.0
oracle insurance rules palette 11.1
oracle primavera gateway 17.12
oracle retail integration bus 14.0.1
oracle retail integration bus 14.0.2
oracle retail integration bus 14.0.3
oracle retail integration bus 14.0.4
oracle retail integration bus 14.1.1
oracle retail integration bus 14.1.2
oracle retail integration bus 14.1.3
oracle retail integration bus 15.0.0.1
oracle retail integration bus 15.0.1
oracle retail integration bus 15.0.2
oracle retail integration bus 16.0
oracle retail integration bus 16.0.1
oracle retail integration bus 16.0.2
oracle retail open commerce platform 5.3.0
oracle retail open commerce platform 6.0.0
oracle retail order broker 5.1
oracle retail order broker 5.2
oracle retail order broker 15.0
oracle retail order broker 16.0
oracle retail predictive application server 14.0
oracle retail predictive application server 14.1
oracle retail predictive application server 15.0
oracle retail predictive application server 16.0
oracle retail point-of-sale 14.0
oracle retail returns management 14.0
oracle retail returns management 14.1
oracle retail central office 14.0
oracle retail central office 14.1
oracle retail point-of-sale 14.1
redhat fuse 1.0.0
debian debian linux 9.0
pivotal spring framework 5.0.0
pivotal spring framework 5.0.4
pivotal spring framework 4.3
pivotal spring framework 4.3.14
ibm security identity governance and intelligence 5.2
ibm security identity governance and intelligence 5.2.1
ibm security identity governance and intelligence 5.2.2
ibm security identity governance and intelligence 5.2.2.1
ibm security identity governance and intelligence 5.2.3
ibm security identity governance and intelligence 5.2.3.1
ibm security identity governance and intelligence 5.2.3.2
ibm security identity governance and intelligence 5.2.4
ibm security identity governance and intelligence 5.2.4.1
ibm cognos controller 10.4.0
ibm cognos controller 10.4.1
ibm security guardium data encryption 3.0.0.2
ibm cognos controller 10.4.2
Denotes that component is vulnerable