Vulnerability Name: CVE-2018-1272 (CCN-141286) Assigned: 2017-12-06 Published: 2018-04-05 Updated: 2022-06-23 Summary: Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When Spring MVC or Spring WebFlux server application (server A) receives input from a remote client, and then uses that input to make a multipart request to another server (server B), it can be exposed to an attack, where an extra multipart is inserted in the content of the request from server A, causing server B to use the wrong value for a part it expects. This could to lead privilege escalation, for example, if the part content represents a username or user roles. CVSS v3 Severity: 7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): HighPrivileges Required (PR): LowUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): HighIntegrity (I): HighAvailibility (A): High
5.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L 4.4 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): HighPrivileges Required (PR): LowUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): LowIntegrity (I): LowAvailibility (A): Low
CVSS v2 Severity: 6.0 Medium (CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): MediumAuthentication (Au): Single_InstanceImpact Metrics: Confidentiality (C): PartialIntegrity (I): PartialAvailibility (A): Partial
4.6 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:S/C:P/I:P/A:P Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): HighAthentication (Au): Single_InstanceImpact Metrics: Confidentiality (C): PartialIntegrity (I): PartialAvailibility (A): Partial
Vulnerability Type: CWE-noinfo Vulnerability Consequences: Gain Privileges References: Source: MITRECVE-2018-1272 http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html 103697 Pivotal Spring Framework CVE-2018-1272 Remote Privilege Escalation Vulnerability RHSA-2018:1320 RHSA-2018:2669 pivotal-cve20181272-priv-esc(141286) CVE-2018-1272: Multipart Content Pollution with Spring Framework https://pivotal.io/security/cve-2018-1272 IBM has announced a release for IBM Security Identity Governance and Intelligence in response to multiple security vulnerabilities Multiple Vulnerabilities identified in IBM StoredIQ Multiple Vulnerabilities in IBM Guardium Data Encryption (GDE) IBM Cognos Controller has addressed multiple vulnerabilities Multiple vulnerabilities found on thirdparty libraries used by IBM MobileFirst Platform IBM Security Directory Integrator is affected by multiple security vulnerabilities IBM Engineering Requirements Management DOORS/DWA vulnerabilities fixes for 9.7.2.6 IBM Security Directory Suite is vulnerable to multiple issues https://www.oracle.com/security-alerts/cpujul2020.html https://www.oracle.com/security-alerts/cpuoct2021.html https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html Vulnerable Configuration: Configuration 1 :cpe:/a:vmware:spring_framework:*:*:*:*:*:*:*:* (Version >= 4.3.0 and < 4.3.15)OR cpe:/a:vmware:spring_framework:*:*:*:*:*:*:*:* (Version >= 5.0 and < 5.0.5) Configuration 2 :cpe:/a:oracle:enterprise_manager_ops_center:12.2.2:*:*:*:*:*:*:* OR cpe:/a:oracle:primavera_gateway:16.2:*:*:*:*:*:*:* OR cpe:/a:oracle:primavera_gateway:15.2:*:*:*:*:*:*:* OR cpe:/a:oracle:application_testing_suite:12.5.0.3:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_back_office:14.1:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_back_office:14.0:*:*:*:*:*:*:* OR cpe:/a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_open_commerce_platform:6.0.1:*:*:*:*:*:*:* OR cpe:/a:oracle:application_testing_suite:13.1.0.1:*:*:*:*:*:*:* OR cpe:/a:oracle:healthcare_master_person_index:3.0:*:*:*:*:*:*:* OR cpe:/a:oracle:healthcare_master_person_index:4.0:*:*:*:*:*:*:* OR cpe:/a:oracle:insurance_calculation_engine:10.2:*:*:*:*:*:*:* OR cpe:/a:oracle:application_testing_suite:13.2.0.1:*:*:*:*:*:*:* OR cpe:/a:oracle:health_sciences_information_manager:3.0:*:*:*:*:*:*:* OR cpe:/a:oracle:communications_converged_application_server:*:*:*:*:*:*:*:* (Version < 7.0.0.1) OR cpe:/a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:* (Version < 8.3) OR cpe:/a:oracle:communications_performance_intelligence_center:*:*:*:*:*:*:*:* (Version < 10.2.1) OR cpe:/a:oracle:communications_services_gatekeeper:*:*:*:*:*:*:*:* (Version < 6.1.0.4.0) OR cpe:/a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:* OR cpe:/a:oracle:tape_library_acsls:8.4:*:*:*:*:*:*:* OR cpe:/a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:* OR cpe:/a:oracle:insurance_rules_palette:10.0:*:*:*:*:*:*:* OR cpe:/a:oracle:insurance_rules_palette:10.2:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_predictive_application_server:14.0:*:*:*:*:*:*:* OR cpe:/a:oracle:service_architecture_leveraging_tuxedo:12.2.2.0.0:*:*:*:*:*:*:* OR cpe:/a:oracle:service_architecture_leveraging_tuxedo:12.1.3.0.0:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_integration_bus:15.0.2:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_integration_bus:14.1.1:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_integration_bus:14.1.2:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_integration_bus:14.1.3:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_predictive_application_server:15.0:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_predictive_application_server:16.0:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_order_broker:5.1:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_order_broker:5.2:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_order_broker:15.0:*:*:*:*:*:*:* OR cpe:/a:oracle:insurance_calculation_engine:10.2.1:*:*:*:*:*:*:* OR cpe:/a:oracle:primavera_gateway:17.12:*:*:*:*:*:*:* OR cpe:/a:oracle:big_data_discovery:1.6.0:*:*:*:*:*:*:* OR cpe:/a:oracle:goldengate_for_big_data:12.2.0.1:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_integration_bus:16.0.1:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_integration_bus:15.0.1:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_open_commerce_platform:6.0.0:*:*:*:*:*:*:* OR cpe:/a:oracle:insurance_calculation_engine:10.1.1:*:*:*:*:*:*:* OR cpe:/a:oracle:insurance_rules_palette:10.1:*:*:*:*:*:*:* OR cpe:/a:oracle:insurance_rules_palette:11.0:*:*:*:*:*:*:* OR cpe:/a:oracle:goldengate_for_big_data:12.3.2.1:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_integration_bus:14.0.1:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_integration_bus:14.0.2:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_integration_bus:14.0.3:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_integration_bus:14.0.4:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_integration_bus:16.0:*:*:*:*:*:*:* OR cpe:/a:oracle:insurance_rules_palette:11.1:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_integration_bus:16.0.2:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_integration_bus:15.0.0.1:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_returns_management:14.0:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_predictive_application_server:14.1:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_open_commerce_platform:5.3.0:*:*:*:*:*:*:* OR cpe:/a:oracle:goldengate_for_big_data:12.3.1.1:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_point-of-sale:14.1:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_point-of-sale:14.0:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_central_office:14.0:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_central_office:14.1:*:*:*:*:*:*:* Configuration CCN 1 :cpe:/a:pivotal:spring_framework:5.0.0:*:*:*:*:*:*:* OR cpe:/a:pivotal:spring_framework:5.0.4:*:*:*:*:*:*:* OR cpe:/a:pivotal:spring_framework:4.3:*:*:*:*:*:*:* OR cpe:/a:pivotal:spring_framework:4.3.14:*:*:*:*:*:*:* AND cpe:/a:ibm:security_identity_governance_and_intelligence:5.2:*:*:*:*:*:*:* OR cpe:/a:ibm:security_identity_governance_and_intelligence:5.2.1:*:*:*:*:*:*:* OR cpe:/a:ibm:security_identity_governance_and_intelligence:5.2.2:*:*:*:*:*:*:* OR cpe:/a:ibm:security_identity_governance_and_intelligence:5.2.2.1:*:*:*:*:*:*:* OR cpe:/a:ibm:security_identity_governance_and_intelligence:5.2.3:*:*:*:*:*:*:* OR cpe:/a:ibm:security_identity_governance_and_intelligence:5.2.3.1:*:*:*:*:*:*:* OR cpe:/a:ibm:security_identity_governance_and_intelligence:5.2.3.2:*:*:*:*:*:*:* OR cpe:/a:ibm:security_identity_governance_and_intelligence:5.2.4:*:*:*:*:*:*:* OR cpe:/a:ibm:storediq:7.6.0:*:*:*:*:*:*:* OR cpe:/a:ibm:security_identity_governance_and_intelligence:5.2.4.1:*:*:*:*:*:*:* OR cpe:/a:ibm:cognos_controller:10.4.0:*:*:*:*:*:*:* OR cpe:/a:ibm:mobilefirst_platform_foundation:8.0.0:*:*:*:*:*:*:* OR cpe:/a:ibm:cognos_controller:10.4.1:*:*:*:*:*:*:* OR cpe:/a:ibm:security_guardium_data_encryption:3.0.0.2:*:*:*:*:*:*:* OR cpe:/a:ibm:cognos_controller:10.4.2:*:*:*:*:*:*:* Oval Definitions BACK
vmware spring framework *
vmware spring framework *
oracle enterprise manager ops center 12.2.2
oracle primavera gateway 16.2
oracle primavera gateway 15.2
oracle application testing suite 12.5.0.3
oracle retail back office 14.1
oracle retail back office 14.0
oracle enterprise manager ops center 12.3.3
oracle retail open commerce platform 6.0.1
oracle application testing suite 13.1.0.1
oracle healthcare master person index 3.0
oracle healthcare master person index 4.0
oracle insurance calculation engine 10.2
oracle application testing suite 13.2.0.1
oracle health sciences information manager 3.0
oracle communications converged application server *
oracle communications diameter signaling router *
oracle communications performance intelligence center *
oracle communications services gatekeeper *
oracle retail customer insights 15.0
oracle retail customer insights 16.0
oracle tape library acsls 8.4
oracle application testing suite 13.3.0.1
oracle insurance rules palette 10.0
oracle insurance rules palette 10.2
oracle retail predictive application server 14.0
oracle service architecture leveraging tuxedo 12.2.2.0.0
oracle service architecture leveraging tuxedo 12.1.3.0.0
oracle retail integration bus 15.0.2
oracle retail integration bus 14.1.1
oracle retail integration bus 14.1.2
oracle retail integration bus 14.1.3
oracle retail predictive application server 15.0
oracle retail predictive application server 16.0
oracle retail order broker 5.1
oracle retail order broker 5.2
oracle retail order broker 15.0
oracle insurance calculation engine 10.2.1
oracle primavera gateway 17.12
oracle big data discovery 1.6.0
oracle goldengate for big data 12.2.0.1
oracle retail integration bus 16.0.1
oracle retail integration bus 15.0.1
oracle retail order broker 16.0
oracle retail open commerce platform 6.0.0
oracle insurance calculation engine 10.1.1
oracle insurance rules palette 10.1
oracle insurance rules palette 11.0
oracle goldengate for big data 12.3.2.1
oracle retail integration bus 14.0.1
oracle retail integration bus 14.0.2
oracle retail integration bus 14.0.3
oracle retail integration bus 14.0.4
oracle retail integration bus 16.0
oracle insurance rules palette 11.1
oracle retail integration bus 16.0.2
oracle retail integration bus 15.0.0.1
oracle retail returns management 14.0
oracle retail predictive application server 14.1
oracle retail open commerce platform 5.3.0
oracle goldengate for big data 12.3.1.1
oracle retail returns management 14.1
oracle retail point-of-sale 14.1
oracle retail point-of-sale 14.0
oracle retail central office 14.0
oracle retail central office 14.1
pivotal spring framework 5.0.0
pivotal spring framework 5.0.4
pivotal spring framework 4.3
pivotal spring framework 4.3.14
ibm security identity governance and intelligence 5.2
ibm security identity governance and intelligence 5.2.1
ibm security identity governance and intelligence 5.2.2
ibm security identity governance and intelligence 5.2.2.1
ibm security identity governance and intelligence 5.2.3
ibm security identity governance and intelligence 5.2.3.1
ibm security identity governance and intelligence 5.2.3.2
ibm security identity governance and intelligence 5.2.4
ibm storediq 7.6.0
ibm security identity governance and intelligence 5.2.4.1
ibm cognos controller 10.4.0
ibm mobilefirst platform foundation 8.0.0
ibm cognos controller 10.4.1
ibm security guardium data encryption 3.0.0.2
ibm cognos controller 10.4.2
Denotes that component is vulnerable