CVE-2018-1230

Summary

Pivotal Spring Batch Admin, all versions, does not contain cross site request forgery protection. A remote unauthenticated user could craft a malicious site that executes requests to Spring Batch Admin. This issue has not been patched because Spring Batch Admin has reached end of life.

Affected Software

VendorProductVersion RangeStatus
Spring by PivotalSpring Batch AdminAllaffected

Weaknesses

  • CWE-352: CWE-352 - Cross-Site Request Forgery (CSRF)

ADP Enrichment

CVE Program Container

Additional References

References