CVE-2017-8046 in VMware and Pivotal Software Products
Published on January 4, 2018

Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (Ingalls SR9), versions prior to 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code.


Products Associated with CVE-2017-8046

CVE-2017-8046 is associated with VMware Spring Boot and Pivotal Software Spring Data REST.

Affected Versions

Pivotal Spring Data REST and Spring Boot: Pivotal Spring Data REST versions prior to 2.6.9 (Ingalls SR9), 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6 are affected by CVE-2017-8046.

Exploit Probability

EPSS: 93.98%
Percentile: 99.88%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.