Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
spring batch vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2017-12881
Cross-site request forgery (CSRF) vulnerability in the Spring Batch Admin prior to 1.3.0 allows remote malicious users to hijack the authentication of unspecified victims and submit arbitrary requests, such as exploiting the file upload vulnerability.
Spring Batch Admin Project Spring Batch Admin
3.5
CVSSv2
CVE-2017-12882
Stored Cross-site scripting (XSS) vulnerability in Spring Batch Admin prior to 1.3.0 allows remote authenticated users to inject arbitrary JavaScript or HTML via the file upload functionality.
Spring Batch Admin Project Spring Batch Admin
7.5
CVSSv2
CVE-2019-3774
Spring Batch versions 3.0.9, 4.0.1, 4.1.0, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.
Pivotal Software Spring Batch
Pivotal Software Spring Batch 4.1.0
6.8
CVSSv2
CVE-2020-5411
When configured to enable default typing, Jackson contained a deserialization vulnerability that could lead to arbitrary code execution. Jackson fixed this vulnerability by blacklisting known "deserialization gadgets". Spring Batch configures Jackson with global default...
Pivotal Software Spring Batch
4.3
CVSSv2
CVE-2018-1229
Pivotal Spring Batch Admin, all versions, contains a stored XSS vulnerability in the file upload feature. An unauthenticated malicious user with network access to Spring Batch Admin could store an arbitrary web script that would be executed by other users. This issue has not been...
Pivotal Software Spring Batch Admin
6.8
CVSSv2
CVE-2018-1230
Pivotal Spring Batch Admin, all versions, does not contain cross site request forgery protection. A remote unauthenticated user could craft a malicious site that executes requests to Spring Batch Admin. This issue has not been patched because Spring Batch Admin has reached end of...
Pivotal Software Spring Batch Admin
9.3
CVSSv2
CVE-2015-5211
Under some situations, the Spring Framework 4.2.0 to 4.2.1, 4.0.0 to 4.1.7, 3.2.0 to 3.2.14 and older unsupported versions is vulnerable to a Reflected File Download (RFD) attack. The attack involves a malicious user crafting a URL with a batch script extension that results in th...
Vmware Spring Framework 3.2.2
Vmware Spring Framework 3.2.1
Vmware Spring Framework 3.2.8
Vmware Spring Framework 3.2.7
Vmware Spring Framework 3.2.10
Vmware Spring Framework 3.2.9
Vmware Spring Framework 3.2.4
Vmware Spring Framework 3.2.3
Vmware Spring Framework 3.2.6
Vmware Spring Framework 3.2.5
Vmware Spring Framework 4.0.1
Vmware Spring Framework 4.0.6
Vmware Spring Framework 4.0.8
Vmware Spring Framework 3.2.14
Vmware Spring Framework 4.2.1
Vmware Spring Framework 4.1.6
Vmware Spring Framework 4.0.2
Vmware Spring Framework 4.0.3
Vmware Spring Framework 4.0.4
Vmware Spring Framework 4.0.5
Vmware Spring Framework 3.2.11
Vmware Spring Framework 3.2.12
2 Github repositories
NA
CVE-2023-20859
In Spring Vault, versions 3.0.x before 3.0.2 and versions 2.3.x before 2.3.3 and older versions, an application is vulnerable to insertion of sensitive information into a log file when it attempts to revoke a Vault batch token.
Vmware Spring Vault
Vmware Spring Cloud Vault 4.0.0
Vmware Spring Cloud Config
Vmware Spring Cloud Vault
NA
CVE-2023-34047
A batch loader function in Spring for GraphQL versions 1.1.0 - 1.1.5 and 1.2.0 - 1.2.2 may be exposed to GraphQL context with values, including security context values, from a different session. An application is vulnerable if it provides a DataLoaderOptions instance when registe...
Vmware Spring For Graphql
5
CVSSv2
CVE-2014-0160
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 prior to 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote malicious users to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrat...
Openssl Openssl
Filezilla-project Filezilla Server
Siemens Application Processing Engine Firmware 2.0
Siemens Cp 1543-1 Firmware 1.1
Siemens Simatic S7-1500 Firmware 1.5
Siemens Simatic S7-1500t Firmware 1.5
Siemens Elan-8.2
Siemens Wincc Open Architecture 3.12
Intellian V100 Firmware 1.20
Intellian V100 Firmware 1.21
Intellian V100 Firmware 1.24
Intellian V60 Firmware 1.15
Intellian V60 Firmware 1.25
Mitel Micollab 6.0
Mitel Micollab 7.0
Mitel Micollab 7.1
Mitel Micollab 7.2
Mitel Micollab 7.3.0.104
Mitel Micollab 7.3
Mitel Mivoice 1.1.3.3
Mitel Mivoice 1.2.0.11
Mitel Mivoice 1.3.2.2
4 EDB exploits
2 Nmap scripts
303 Github repositories
4 Articles
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3400
CVE-2023-7252
CVE-2024-21111
denial of service
CVE-2024-29661
CVE-2024-22856
remote attackers
encryption
CVE-2023-38299
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started