Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM4C07D6EE5123AE741652C4B7A3AF9A9B73AE43C73CE3B09F46CBB5BCD4354B73
HistorySep 25, 2018 - 1:15 p.m.

Security Bulletin: Remote code execution vulnerability (CVE-2018-1260) affects IBM Spectrum Symphony 7.2.0.2 and 7.2.1

2018-09-2513:15:02
www.ibm.com
6

0.047 Low

EPSS

Percentile

92.7%

JSON

Summary

Interim fixes are needed to upgrade the Spring Security OAuth package in IBM Spectrum Symphony 7.2.0.2 and 7.2.1 to resolve the remote code execution vulnerability (CVE-2018-1260).

Vulnerability Details

CVEID: CVE-2018-1260 DESCRIPTION: Pivotal Spring Security OAuth could allow a remote attacker to execute arbitrary code on the system. By sending a specially crafted authorization request to the authorization endpoint, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base Score: 9.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/143171&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

IBM Spectrum Symphony 7.2.0.2 and 7.2.1

Remediation/Fixes

The fixes can be downloaded from IBM Fix Central:

sym-7.2.0.2-build496164:

http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Symphony&release=All&platform=All&function=fixId&fixids=sym-7.2.0.2-build496164&includeSupersedes=0

sym-7.2.1-build496413:

http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Symphony&release=All&platform=All&function=fixId&fixids=sym-7.2.1-build496413&includeSupersedes=0

Workarounds and Mitigations

None.

Related

redhatcve 1
nvd 1
osv 2
prion 1
cvelist 1
github 1
f5 1
seebug 1
cve 1
veracode 1
redhat 2
impervablog 1
redhatcve
redhatcve
CVE-2018-1260
2018-05-30 19:19:20
nvd
nvd
CVE-2018-1260
2018-05-11 20:29:00
osv
osv
Spring Security OAuth vulnerable to remote code execution (RCE)
2018-10-18 18:05:34
CVE-2018-1260
2018-05-11 20:29:00
prion
prion
Remote code execution
2018-05-11 20:29:00
cvelist
cvelist
CVE-2018-1260
2018-05-09 00:00:00
github
github
Spring Security OAuth vulnerable to remote code execution (RCE)
2018-10-18 18:05:34
f5
f5
K10520421 : Spring Security OAuth vulnerability CVE-2018-1260
2018-05-29 00:00:00
seebug
seebug
RCE with spring-security-oauth2 分析(CVE-2018-1260)
2018-05-11 00:00:00
cve
cve
CVE-2018-1260
2018-05-11 20:29:00
veracode
veracode
Remote Code Execution (RCE)
2018-05-10 06:42:48
redhat
redhat
(RHSA-2018:1809) Important: Red Hat OpenShift Application Runtimes Spring Boot security and bug fix update
2018-06-07 08:25:02
(RHSA-2018:2939) Critical: Red Hat FIS 2.0 on Fuse 6.3.0 R8 security and bug fix update
2018-10-17 19:27:11
impervablog
impervablog
Imperva Protects from New Spring Framework Zero-Day Vulnerabilities
2022-03-31 15:20:03

0.047 Low

EPSS

Percentile

92.7%

JSON
Related for 4C07D6EE5123AE741652C4B7A3AF9A9B73AE43C73CE3B09F46CBB5BCD4354B73
redhatcve1nvd1osv2prion1cvelist1github1f51seebug1cve1veracode1redhat2impervablog1