Vulnerability-Lookup

BDU:2019-01760

Vulnerability from fstec - Published: 09.05.2018

Title

Уязвимость компонента Spring Framework программных продуктов Oracle, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Description

Уязвимость компонента Spring Framework программных продуктов Oracle связана с неправильной авторизацией. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, получить несанкционированный доступ к защищаемой информации

Severity ?


                    
                      AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Vendor

Oracle Corp., Pivotal Software Inc., Red Hat Inc.

Software Name

Enterprise Manager Ops Center, Enterprise Repository, Insurance Policy Administration, PeopleSoft Enterprise FIN Install, Retail Back Office, Retail Central Office, Retail Returns Management, Retail Point-of-Service, MySQL Enterprise Monitor, Communications Diameter Signaling Router, Oracle Endeca Information Discovery Integrator, WebLogic Server, WebCenter Sites, Oracle Retail Order Broker, Enterprise Manager Base Platform, Spring Framework, Oracle Communications Unified Inventory Management, Oracle FLEXCUBE Private Banking, Oracle Utilities Network Management System, Communications Converged Application Server, Insurance Policy Administration J2EE, Financial Services Analytical Applications Infrastructure, Jboss Fuse, Oracle Hospitality Guest Access, Application Testing Suite, Primavera Gateway, Retail Xstore Point of Service, Oracle Retail Clearance Optimization Engine, Oracle Retail Markdown Optimization, Oracle Retail Customer Insights, Communications Online Mediation Controller, Primavera Analytics, Retail Integration Bus, Oracle Retail Predictive Application Server, Oracle Retail Assortment Planning, Oracle Big Data Discovery, Oracle Insurance Calculation Engine, Oracle Insurance Rules Palette, Oracle Retail Financial Integration, Oracle Retail Service Backbone, Oracle Healthcare Master Person Index, Oracle Agile PLM, Financial Services Behavior Detection Platform, MICROS Lucas, Enterprise Manager for MySQL Database, Oracle GoldenGate for Big Data, Tape Library ACSLS, Oracle Communications Services Gatekeeper, Retail Open Commerce Platform, Oracle Health Sciences Information Manager, Oracle Service Architecture Leveraging Tuxedo, Communications Performance Intelligence Center (PIC) Software, Enterprise Manager for Fusion Applications

Software Version

12.2.2 (Enterprise Manager Ops Center), 12.3.3 (Enterprise Manager Ops Center), 11.1.1.7.0 (Enterprise Repository), 12.1.3.0.0 (Enterprise Repository), 10.0 (Insurance Policy Administration), 10.1 (Insurance Policy Administration), 10.2 (Insurance Policy Administration), 11.0 (Insurance Policy Administration), 9.2 (PeopleSoft Enterprise FIN Install), 14.0 (Retail Back Office), 14.1 (Retail Back Office), 14.0 (Retail Central Office), 14.1 (Retail Central Office), 14.0 (Retail Returns Management), 14.1 (Retail Returns Management), 14.0 (Retail Point-of-Service), 14.1 (Retail Point-of-Service), до 3.4.9.4237 включительно (MySQL Enterprise Monitor), до 4.0.6.5281 включительно (MySQL Enterprise Monitor), до 8.0.2.8191 включительно (MySQL Enterprise Monitor), до 8.3 (Communications Diameter Signaling Router), 3.2.0 (Oracle Endeca Information Discovery Integrator), 3.1.0 (Oracle Endeca Information Discovery Integrator), 12.2.1.3.0 (WebLogic Server), 12.2.1.3.0 (WebCenter Sites), 5.1 (Oracle Retail Order Broker), 5.2 (Oracle Retail Order Broker), 15.0 (Oracle Retail Order Broker), 16.0 (Oracle Retail Order Broker), 13.2.0.0.0 (Enterprise Manager Base Platform), 13.3.0.0.0 (Enterprise Manager Base Platform), 5.0.5 (Spring Framework), 12.1.0.5.0 (Enterprise Manager Base Platform), 7.3.2 (Oracle Communications Unified Inventory Management), 7.3.4 (Oracle Communications Unified Inventory Management), 7.3.5 (Oracle Communications Unified Inventory Management), 7.4.0 (Oracle Communications Unified Inventory Management), 2.0.0.0 (Oracle FLEXCUBE Private Banking), 2.2.0.1 (Oracle FLEXCUBE Private Banking), 12.0.1.0 (Oracle FLEXCUBE Private Banking), 12.0.3.0 (Oracle FLEXCUBE Private Banking), 12.1.0.0 (Oracle FLEXCUBE Private Banking), 1.12.0.3 (Oracle Utilities Network Management System), до 7.0.0.1 (Communications Converged Application Server), 10.0 (Insurance Policy Administration J2EE), 10.2 (Insurance Policy Administration J2EE), 8.0.0.0.0 (Financial Services Analytical Applications Infrastructure), 7 (Jboss Fuse), 4.2.0 (Oracle Hospitality Guest Access), 4.2.1 (Oracle Hospitality Guest Access), 13.3.0.1 (Application Testing Suite), 15.2 (Primavera Gateway), 16.2 (Primavera Gateway), 17.12 (Primavera Gateway), 18.8 (Primavera Gateway), 17.0 (Retail Xstore Point of Service), от 8.0.2 до 8.0.8 включительно (Financial Services Analytical Applications Infrastructure), 12.5.0.3 (Application Testing Suite), 13.1.0.1 (Application Testing Suite), 13.2.0.1 (Application Testing Suite), 14.0.5 (Oracle Retail Clearance Optimization Engine), 13.4.4 (Oracle Retail Markdown Optimization), 15.0 (Oracle Retail Customer Insights), 16.0 (Oracle Retail Customer Insights), 6.1 (Communications Online Mediation Controller), 18.8 (Primavera Analytics), 15.0 (Retail Integration Bus), 16.0 (Retail Integration Bus), 6.0 (Communications Converged Application Server), 6.1 (Communications Converged Application Server), 16.0 (Oracle Retail Predictive Application Server), 14.0.3.26 (Oracle Retail Predictive Application Server), 14.1.3.37 (Oracle Retail Predictive Application Server), 15.0.3.100 (Oracle Retail Predictive Application Server), 15.0 (Oracle Retail Assortment Planning), 16.0 (Oracle Retail Assortment Planning), 1.6 (Oracle Big Data Discovery), 9.7 (Oracle Insurance Calculation Engine), 10.0 (Oracle Insurance Calculation Engine), 10.1 (Oracle Insurance Calculation Engine), 10.2 (Oracle Insurance Calculation Engine), 10.1 (Insurance Policy Administration J2EE), 11.0 (Insurance Policy Administration J2EE), 10.0 (Oracle Insurance Rules Palette), 10.1 (Oracle Insurance Rules Palette), 10.2 (Oracle Insurance Rules Palette), 11.0 (Oracle Insurance Rules Palette), от 4.0.0 до 4.0.9 включительно (MySQL Enterprise Monitor), от 8.0.0 до 8.0.14 включительно (MySQL Enterprise Monitor), 14.0 (Oracle Retail Financial Integration), 14.1 (Oracle Retail Financial Integration), 15.0 (Oracle Retail Financial Integration), 16.0 (Oracle Retail Financial Integration), 16.0.1 (Oracle Retail Service Backbone), 3.0 (Oracle Healthcare Master Person Index), 9.3.3 (Oracle Agile PLM), 9.3.5 (Oracle Agile PLM), 9.3.6 (Oracle Agile PLM), 8.0.0 (Financial Services Behavior Detection Platform), 2.9.5 (MICROS Lucas), 14.0.0 (Retail Integration Bus), 14.1.0 (Retail Integration Bus), 14.1.2 (Retail Integration Bus), 13.2 (Enterprise Manager for MySQL Database), 14.1 (Oracle Retail Assortment Planning), 13.2 (Oracle Retail Financial Integration), 9.3.4 (Oracle Agile PLM), 12.2.0.1 (Oracle GoldenGate for Big Data), 12.3.1.1 (Oracle GoldenGate for Big Data), 12.3.2.1 (Oracle GoldenGate for Big Data), 10.1.1 (Oracle Insurance Calculation Engine), 10.2.1 (Oracle Insurance Calculation Engine), 11.1 (Oracle Insurance Rules Palette), 14.0 (Oracle Retail Predictive Application Server), 14.1 (Oracle Retail Predictive Application Server), 15.0 (Oracle Retail Predictive Application Server), 8.4 (Tape Library ACSLS), до 6.1.0.4.0 (Oracle Communications Services Gatekeeper), 4.0 (Oracle Healthcare Master Person Index), 5.3.0 (Retail Open Commerce Platform), 6.0.0 (Retail Open Commerce Platform), 6.0.1 (Retail Open Commerce Platform), 3.0 (Oracle Health Sciences Information Manager), 12.1.3.0.0 (Oracle Service Architecture Leveraging Tuxedo), 12.2.2.0.0 (Oracle Service Architecture Leveraging Tuxedo), до 10.2.1 (Communications Performance Intelligence Center (PIC) Software), 13.3.0.0 (Enterprise Manager for Fusion Applications)

Possible Mitigations

Для программной платформы Spring Framework использование рекомендаций: https://pivotal.io/security/cve-2018-1258 Для продуктов Oracle: https://www.oracle.com/security-alerts/cpuapr2020.html https://www.oracle.com/security-alerts/cpujan2020.html https://www.oracle.com/security-alerts/cpujan2021.html https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html Для Red Hat: https://access.redhat.com/security/cve/CVE-2018-1258?extIdCarryOver=true&sc_cid=701f2000001OH7JAAW

Reference

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/104222 http://www.securitytracker.com/id/1041888 http://www.securitytracker.com/id/1041896 https://access.redhat.com/errata/RHSA-2019:2413 https://pivotal.io/security/cve-2018-1258 https://security.netapp.com/advisory/ntap-20181018-0002/ https://www.oracle.com/security-alerts/cpuapr2020.html https://www.oracle.com/security-alerts/cpujan2020.html https://www.oracle.com/security-alerts/cpujan2021.html https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

CWE

CWE-285, CWE-863

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Oracle Corp., Pivotal Software Inc., Red Hat Inc.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "12.2.2 (Enterprise Manager Ops Center), 12.3.3 (Enterprise Manager Ops Center), 11.1.1.7.0 (Enterprise Repository), 12.1.3.0.0 (Enterprise Repository), 10.0 (Insurance Policy Administration), 10.1 (Insurance Policy Administration), 10.2 (Insurance Policy Administration), 11.0 (Insurance Policy Administration), 9.2 (PeopleSoft Enterprise FIN Install), 14.0 (Retail Back Office), 14.1 (Retail Back Office), 14.0 (Retail Central Office), 14.1 (Retail Central Office), 14.0 (Retail Returns Management), 14.1 (Retail Returns Management), 14.0 (Retail Point-of-Service), 14.1 (Retail Point-of-Service), \u0434\u043e 3.4.9.4237 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (MySQL Enterprise Monitor), \u0434\u043e 4.0.6.5281 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (MySQL Enterprise Monitor), \u0434\u043e 8.0.2.8191 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (MySQL Enterprise Monitor), \u0434\u043e 8.3 (Communications Diameter Signaling Router), 3.2.0 (Oracle Endeca Information Discovery Integrator), 3.1.0 (Oracle Endeca Information Discovery Integrator), 12.2.1.3.0 (WebLogic Server), 12.2.1.3.0 (WebCenter Sites), 5.1 (Oracle Retail Order Broker), 5.2 (Oracle Retail Order Broker), 15.0 (Oracle Retail Order Broker), 16.0 (Oracle Retail Order Broker), 13.2.0.0.0 (Enterprise Manager Base Platform), 13.3.0.0.0 (Enterprise Manager Base Platform), 5.0.5 (Spring Framework), 12.1.0.5.0 (Enterprise Manager Base Platform), 7.3.2 (Oracle Communications Unified Inventory Management), 7.3.4 (Oracle Communications Unified Inventory Management), 7.3.5 (Oracle Communications Unified Inventory Management), 7.4.0 (Oracle Communications Unified Inventory Management), 2.0.0.0 (Oracle FLEXCUBE Private Banking), 2.2.0.1 (Oracle FLEXCUBE Private Banking), 12.0.1.0 (Oracle FLEXCUBE Private Banking), 12.0.3.0 (Oracle FLEXCUBE Private Banking), 12.1.0.0 (Oracle FLEXCUBE Private Banking), 1.12.0.3 (Oracle Utilities Network Management System), \u0434\u043e 7.0.0.1 (Communications Converged Application Server), 10.0 (Insurance Policy Administration J2EE), 10.2 (Insurance Policy Administration J2EE), 8.0.0.0.0 (Financial Services Analytical Applications Infrastructure), 7 (Jboss Fuse), 4.2.0 (Oracle Hospitality Guest Access), 4.2.1 (Oracle Hospitality Guest Access), 13.3.0.1 (Application Testing Suite), 15.2 (Primavera Gateway), 16.2 (Primavera Gateway), 17.12 (Primavera Gateway), 18.8 (Primavera Gateway), 17.0 (Retail Xstore Point of Service), \u043e\u0442 8.0.2 \u0434\u043e 8.0.8 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Financial Services Analytical Applications Infrastructure), 12.5.0.3 (Application Testing Suite), 13.1.0.1 (Application Testing Suite), 13.2.0.1 (Application Testing Suite), 14.0.5 (Oracle Retail Clearance Optimization Engine), 13.4.4 (Oracle Retail Markdown Optimization), 15.0 (Oracle Retail Customer Insights), 16.0 (Oracle Retail Customer Insights), 6.1 (Communications Online Mediation Controller), 18.8 (Primavera Analytics), 15.0 (Retail Integration Bus), 16.0 (Retail Integration Bus), 6.0 (Communications Converged Application Server), 6.1 (Communications Converged Application Server), 16.0 (Oracle Retail Predictive Application Server), 14.0.3.26 (Oracle Retail Predictive Application Server), 14.1.3.37 (Oracle Retail Predictive Application Server), 15.0.3.100 (Oracle Retail Predictive Application Server), 15.0 (Oracle Retail Assortment Planning), 16.0 (Oracle Retail Assortment Planning), 1.6 (Oracle Big Data Discovery), 9.7 (Oracle Insurance Calculation Engine), 10.0 (Oracle Insurance Calculation Engine), 10.1 (Oracle Insurance Calculation Engine), 10.2 (Oracle Insurance Calculation Engine), 10.1 (Insurance Policy Administration J2EE), 11.0 (Insurance Policy Administration J2EE), 10.0 (Oracle Insurance Rules Palette), 10.1 (Oracle Insurance Rules Palette), 10.2 (Oracle Insurance Rules Palette), 11.0 (Oracle Insurance Rules Palette), \u043e\u0442 4.0.0 \u0434\u043e 4.0.9 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (MySQL Enterprise Monitor), \u043e\u0442 8.0.0 \u0434\u043e 8.0.14 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (MySQL Enterprise Monitor), 14.0 (Oracle Retail Financial Integration), 14.1 (Oracle Retail Financial Integration), 15.0 (Oracle Retail Financial Integration), 16.0 (Oracle Retail Financial Integration), 16.0.1 (Oracle Retail Service Backbone), 3.0 (Oracle Healthcare Master Person Index), 9.3.3 (Oracle Agile PLM), 9.3.5 (Oracle Agile PLM), 9.3.6 (Oracle Agile PLM), 8.0.0 (Financial Services Behavior Detection Platform), 2.9.5 (MICROS Lucas), 14.0.0 (Retail Integration Bus), 14.1.0 (Retail Integration Bus), 14.1.2 (Retail Integration Bus), 13.2 (Enterprise Manager for MySQL Database), 14.1 (Oracle Retail Assortment Planning), 13.2 (Oracle Retail Financial Integration), 9.3.4 (Oracle Agile PLM), 12.2.0.1 (Oracle GoldenGate for Big Data), 12.3.1.1 (Oracle GoldenGate for Big Data), 12.3.2.1 (Oracle GoldenGate for Big Data), 10.1.1 (Oracle Insurance Calculation Engine), 10.2.1 (Oracle Insurance Calculation Engine), 11.1 (Oracle Insurance Rules Palette), 14.0 (Oracle Retail Predictive Application Server), 14.1 (Oracle Retail Predictive Application Server), 15.0 (Oracle Retail Predictive Application Server), 8.4 (Tape Library ACSLS), \u0434\u043e 6.1.0.4.0 (Oracle Communications Services Gatekeeper), 4.0 (Oracle Healthcare Master Person Index), 5.3.0 (Retail Open Commerce Platform), 6.0.0 (Retail Open Commerce Platform), 6.0.1 (Retail Open Commerce Platform), 3.0 (Oracle Health Sciences Information Manager), 12.1.3.0.0 (Oracle Service Architecture Leveraging Tuxedo), 12.2.2.0.0 (Oracle Service Architecture Leveraging Tuxedo), \u0434\u043e 10.2.1 (Communications Performance Intelligence Center (PIC) Software), 13.3.0.0 (Enterprise Manager for Fusion Applications)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b Spring Framework \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\nhttps://pivotal.io/security/cve-2018-1258\n\n\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Oracle:\n\nhttps://www.oracle.com/security-alerts/cpuapr2020.html\nhttps://www.oracle.com/security-alerts/cpujan2020.html\nhttps://www.oracle.com/security-alerts/cpujan2021.html\nhttps://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html\nhttps://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html\nhttps://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\nhttp://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html\nhttp://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html\n\n\u0414\u043b\u044f Red Hat:\nhttps://access.redhat.com/security/cve/CVE-2018-1258?extIdCarryOver=true\u0026sc_cid=701f2000001OH7JAAW",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "09.05.2018",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "23.03.2021",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "16.05.2019",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2019-01760",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2018-1258",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Enterprise Manager Ops Center, Enterprise Repository, Insurance Policy Administration, PeopleSoft Enterprise FIN Install, Retail Back Office, Retail Central Office, Retail Returns Management, Retail Point-of-Service, MySQL Enterprise Monitor, Communications Diameter Signaling Router, Oracle Endeca Information Discovery Integrator, WebLogic Server, WebCenter Sites, Oracle Retail Order Broker, Enterprise Manager Base Platform, Spring Framework, Oracle Communications Unified Inventory Management, Oracle FLEXCUBE Private Banking, Oracle Utilities Network Management System, Communications Converged Application Server, Insurance Policy Administration J2EE, Financial Services Analytical Applications Infrastructure, Jboss Fuse, Oracle Hospitality Guest Access, Application Testing Suite, Primavera Gateway, Retail Xstore Point of Service, Oracle Retail Clearance Optimization Engine, Oracle Retail Markdown Optimization, Oracle Retail Customer Insights, Communications Online Mediation Controller, Primavera Analytics, Retail Integration Bus, Oracle Retail Predictive Application Server, Oracle Retail Assortment Planning, Oracle Big Data Discovery, Oracle Insurance Calculation Engine, Oracle Insurance Rules Palette, Oracle Retail Financial Integration, Oracle Retail Service Backbone, Oracle Healthcare Master Person Index, Oracle Agile PLM, Financial Services Behavior Detection Platform, MICROS Lucas, Enterprise Manager for MySQL Database, Oracle GoldenGate for Big Data, Tape Library ACSLS, Oracle Communications Services Gatekeeper, Retail Open Commerce Platform, Oracle Health Sciences Information Manager, Oracle Service Architecture Leveraging Tuxedo, Communications Performance Intelligence Center (PIC) Software, Enterprise Manager for Fusion Applications",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 Spring Framework \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Oracle, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u0430\u044f \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u044f (CWE-285), \u041d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u0430\u044f \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u044f (CWE-863)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 Spring Framework \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Oracle \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e\u0439 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0435\u0439. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041d\u0430\u0440\u0443\u0448\u0435\u043d\u0438\u0435 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html \nhttp://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html \nhttp://www.securityfocus.com/bid/104222 \nhttp://www.securitytracker.com/id/1041888 \nhttp://www.securitytracker.com/id/1041896 \nhttps://access.redhat.com/errata/RHSA-2019:2413 \nhttps://pivotal.io/security/cve-2018-1258 \nhttps://security.netapp.com/advisory/ntap-20181018-0002/ \nhttps://www.oracle.com/security-alerts/cpuapr2020.html \nhttps://www.oracle.com/security-alerts/cpujan2020.html \nhttps://www.oracle.com/security-alerts/cpujan2021.html\nhttps://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html \nhttps://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html \nhttps://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e, \u041f\u041e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c, \u041f\u041e \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430, \u041f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e \u0437\u0430\u0449\u0438\u0442\u044b",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-285, CWE-863",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,8)"
}

CVE-2018-1258 (GCVE-0-2018-1258)

Vulnerability from cvelistv5 – Published: 2018-05-11 20:00 – Updated: 2024-09-17 02:56

Summary

Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted.

Severity ?

No CVSS data available.

CWE

Authorization Bypass

Assigner

dell

References

URL

Tags

	http://www.securityfocus.com/bid/104222	vdb-entryx_refsource_BID
	http://www.securitytracker.com/id/1041888	vdb-entryx_refsource_SECTRACK
	http://www.securitytracker.com/id/1041896	vdb-entryx_refsource_SECTRACK
	https://access.redhat.com/errata/RHSA-2019:2413	vendor-advisoryx_refsource_REDHAT
	https://www.oracle.com/security-alerts/cpuapr2020.html	x_refsource_MISC
	http://www.oracle.com/technetwork/security-adviso…	x_refsource_CONFIRM
	http://www.oracle.com/technetwork/security-adviso…	x_refsource_CONFIRM
	https://www.oracle.com/security-alerts/cpujul2020.html	x_refsource_MISC
	https://www.oracle.com/technetwork/security-advis…	x_refsource_CONFIRM
	https://www.oracle.com/technetwork/security-advis…	x_refsource_MISC
	https://www.oracle.com/technetwork/security-advis…	x_refsource_MISC
	https://www.oracle.com/security-alerts/cpujan2020.html	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-2018101…	x_refsource_CONFIRM
	https://pivotal.io/security/cve-2018-1258	x_refsource_CONFIRM
	https://www.oracle.com/security-alerts/cpujan2021.html	x_refsource_MISC
	https://www.oracle.com/security-alerts/cpuoct2021.html	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Pivotal	Spring Framework	Affected: 5.0.5

Date Public ?

2018-05-09 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:51:49.125Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "104222",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/104222"
          },
          {
            "name": "1041888",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1041888"
          },
          {
            "name": "1041896",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1041896"
          },
          {
            "name": "RHSA-2019:2413",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2413"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20181018-0002/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://pivotal.io/security/cve-2018-1258"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Spring Framework",
          "vendor": "Pivotal",
          "versions": [
            {
              "status": "affected",
              "version": "5.0.5"
            }
          ]
        }
      ],
      "datePublic": "2018-05-09T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Authorization Bypass",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-20T10:38:01.000Z",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "name": "104222",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/104222"
        },
        {
          "name": "1041888",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1041888"
        },
        {
          "name": "1041896",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1041896"
        },
        {
          "name": "RHSA-2019:2413",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2413"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20181018-0002/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://pivotal.io/security/cve-2018-1258"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@dell.com",
          "DATE_PUBLIC": "2018-05-09T00:00:00",
          "ID": "CVE-2018-1258",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Spring Framework",
                      "version": {
                        "version_data": [
                          {
                            "affected": "=",
                            "version_affected": "=",
                            "version_value": "5.0.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Pivotal"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Authorization Bypass"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "104222",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/104222"
            },
            {
              "name": "1041888",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1041888"
            },
            {
              "name": "1041896",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1041896"
            },
            {
              "name": "RHSA-2019:2413",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2413"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
              "refsource": "CONFIRM",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20181018-0002/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20181018-0002/"
            },
            {
              "name": "https://pivotal.io/security/cve-2018-1258",
              "refsource": "CONFIRM",
              "url": "https://pivotal.io/security/cve-2018-1258"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2018-1258",
    "datePublished": "2018-05-11T20:00:00.000Z",
    "dateReserved": "2017-12-06T00:00:00.000Z",
    "dateUpdated": "2024-09-17T02:56:37.459Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

BDU:2019-01760

CVE-2018-1258 (GCVE-0-2018-1258)

Tags

Sightings

Nomenclature