search cancel

UIM - Remote Code Execution with spring-messaging (CVE-2018-1270)

book

Article ID: 229563

calendar_today

Updated On:

Products

DX Unified Infrastructure Management (Nimsoft / UIM)

Issue/Introduction

Vulnerability Spring Framework 4.3.x < 4.3.16 / 5.0.x < 5.0.5 Remote Code Execution with spring-messaging (CVE-2018-1270) detected for the wasp probes in environment 

 

 

Environment

Release : 20.3.3 

Component : UIM OPERATOR CONSOLE - WASP & CORE

Resolution

Vulnerability CVE-2018-1270 is fixed in the upcoming UIM 20.4.0 release

As part of this fix , spring-core component has been upgraded to the non-vulnerable spring-core-4.3.30.RELEASE.