CVE-2017-8045

{"id": "CVE-2017-8045", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2017-11-27T10:29:00.907", "references": [{"url": "http://www.securityfocus.com/bid/100936", "tags": ["Third Party Advisory", "VDB Entry"], "source": "security_alert@emc.com"}, {"url": "https://pivotal.io/security/cve-2017-8045", "tags": ["Vendor Advisory"], "source": "security_alert@emc.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-502"}]}], "descriptions": [{"lang": "en", "value": "In Pivotal Spring AMQP versions prior to 1.7.4, 1.6.11, and 1.5.7, an org.springframework.amqp.core.Message may be unsafely deserialized when being converted into a string. A malicious payload could be crafted to exploit this and enable a remote code execution attack."}, {"lang": "es", "value": "En Pivotal Spring AMQP, en versiones anteriores a la 1.7.4, 1.6.11 y 1.5.7, org.springframework.amqp.core.Message podr\u00eda deserializarse de forma insegura al convertirse en cadena. Una carga \u00fatil maliciosa podr\u00eda manipularse para explotar esto y permitir un ataque de ejecuci\u00f3n remota de c\u00f3digo."}], "lastModified": "2017-12-12T17:59:20.987", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8ACFBB63-5DF2-4CFE-9F37-B4F91BAF210C"}, {"criteria": "cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.5.0:m1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FD0434AC-A22B-410C-BD47-5416ED236D6B"}, {"criteria": "cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.5.0:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "01C1A0C8-5881-4D45-9BAE-47342892610D"}, {"criteria": "cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BFE1950B-E677-4B62-80D6-DAD8AA90D74B"}, {"criteria": "cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "56444AA0-79FF-4E96-A06A-5DE099D26F03"}, {"criteria": "cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.5.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "06313540-F311-4F45-BD93-A318D0773354"}, {"criteria": "cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.5.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CF8111C7-D43F-4CE3-AD94-7A0A09036E32"}, {"criteria": "cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.5.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1C49EC65-236E-4831-A8C0-9AEF1B308ABC"}, {"criteria": "cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.5.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "176DD4C4-21E3-4E17-AE78-298325AE7FB5"}, {"criteria": "cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "70A38607-63FD-4270-9BCC-EFCCEDDD4496"}, {"criteria": "cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.6.0:m1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3B334BA4-4CBA-48A0-B347-3E23FA003DB7"}, {"criteria": "cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.6.0:m2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "64170B60-0D44-4F98-B57F-9A2A05E62ADA"}, {"criteria": "cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.6.0:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6B6643CB-F480-462C-9C54-4F2D9F78ADD6"}, {"criteria": "cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.6.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EC9B6464-C6E5-4944-8745-02605C068D0A"}, {"criteria": "cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.6.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4C88C739-8DBC-4719-B0FD-A18FA598184B"}, {"criteria": "cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.6.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "485FE522-130B-49EB-A84F-E30E70D866FD"}, {"criteria": "cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.6.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D636C03C-420A-4997-9C01-2019EF481AD5"}, {"criteria": "cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.6.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7E00506B-2BE4-48D6-8E7C-4A719521FC98"}, {"criteria": "cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.6.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CC55C720-3B3B-456E-9E03-BE2BEB85C211"}, {"criteria": "cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.6.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "05C87474-4BC3-4EDE-B54D-B91154826224"}, {"criteria": "cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.6.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EA632EBE-06AA-4A6E-A1DF-5C71F88A3EC4"}, {"criteria": "cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.6.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5FAA749F-46DF-4176-ABF0-904F8F506FCD"}, {"criteria": "cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.6.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3DBB0442-EE82-4AEA-B370-58AFFA2656DA"}, {"criteria": "cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4138AE8A-DA42-404F-A5FA-5B99891B0A54"}, {"criteria": "cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DBDF3851-F41B-473E-BDBE-3F45A476ECAC"}, {"criteria": "cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.7.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0BCC4621-0BF1-4869-AC68-AA14B645458B"}, {"criteria": "cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.7.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "24E48B94-9D63-47CB-BB04-DC4DCC19950B"}], "operator": "OR"}]}], "sourceIdentifier": "security_alert@emc.com"}