CVE-2018-1230

Pivotal Spring Batch Admin, all versions, does not contain cross site request forgery protection. A remote unauthenticated user could craft a malicious site that executes requests to Spring Batch Admin. This issue has not been patched because Spring Batch Admin has reached end of life.

Published : 2018-03-21 20:29 Updated : 2019-10-09 23:38

6.8
CVSS Score More info
Score 6.8 / 10
6.8
Vendor Product Version URI
Pivotal Software Spring Batch Admin cpe:/a:pivotal_software:spring_batch_admin
  1. Pivotal Software (1) Search CVE
    1. Spring Batch Admin (1) Search CVE

CWE

ID Name Description Links
CWE-352 Cross-Site Request Forgery (CSRF) The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request. CVE

History of changes

Date Event
2018-04-20 15:06
2018-03-23 01:29
2018-03-21 20:29

New CVE