The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Vulnerability bulletin CVE-2018-1270

Spring Framework: code execution via spring-messaging

Synthesis of the vulnerability

An attacker can exploit a vulnerability in the spring-messaging module of Spring Framework in order to run code.
Vulnerable software: Oracle Communications, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Oracle Internet Directory, Tuxedo, Oracle Virtual Directory, WebLogic, Spring Framework, SAS Add-in for Microsoft Office, SAS Analytics Pro, Base SAS Software, SAS Enterprise BI Server, SAS Enterprise Guide, SAS Grid Computing, SAS Management Console, SAS OLAP Server, SAS SAS/ACCESS, SAS SAS/AF, SAS SAS/CONNECT, SAS SAS/EIS, SAS SAS/ETS, SAS SAS/FSP, SAS SAS/GRAPH, SAS SAS/IML, SAS SAS/INSIGHT, SAS SAS/OR, SAS SAS/STAT, SAS SAS/Web Report Studio.
Severity of this announcement: 3/4.
Consequences of an intrusion: user access/rights.
Attacker's origin: intranet client.
Creation date: 06/04/2018.
References of this computer vulnerability: cpujan2019, cpujul2018, cpujul2019, cpuoct2018, CVE-2018-1270, VIGILANCE-VUL-25783.

Description of the vulnerability

An attacker can exploit a vulnerability in the spring-messaging module of Spring Framework in order to run code.