CVE-2018-1273
CRITICAL (9.8) | KEV: actively exploited | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Risk Signal Score: 83/100 (CRITICAL)
- CVSS 9.8: critical
- EPSS 96%: very likely exploited
- In the CISA KEV catalog (actively exploited)
CISA KEV: confirmed exploited
EPSS score: 96% (exploit probability, 30 days)
CVSS score: 9.8 (technical severity)
Description
Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user (or attacker) can supply specially crafted request parameters against Spring Data REST backed HTTP resources or using Spring Data's projection-based request payload binding that can lead to a remote code execution attack.
References
- http://mail-archives.apache.org/mod_mbox/ignite-dev/201807.mbox/%3CCAK0qHnqzfzmC...
- https://pivotal.io/security/cve-2018-1273
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-...