First published: Mon Jan 14 2019
Pivotal Spring Batch could allow a remote attacker to obtain sensitive information, caused by improper handling of XML External Entity (XXE). By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to obtain sensitive information from the system.
Credit: security_alert@emc.com
Affected Software | Affected Version | How to fix
---|---|---
Pivotal Software Spring Batch | <=3.0.9 |
Pivotal Software Spring Batch | >=4.0.0, <=4.0.1 |
Pivotal Software Spring Batch | =4.1.0 |
IBM Data Risk Manager | <=2.0.6 |
CVE-2019-3774 is a vulnerability in Pivotal Spring Batch versions 3.0.9, 4.0.1, 4.1.0, and older unsupported versions that allows a remote attacker to obtain sensitive information because of improper handling of XML External Entities (XXE).
CVE-2019-3774 affects Pivotal Spring Batch by allowing a remote attacker to exploit the vulnerability and obtain sensitive information from the system.
CVE-2019-3774 has a severity rating of 9.8 (critical).
To fix CVE-2019-3774, update to a supported version of Pivotal Spring Batch that includes the necessary security patches.
You can find more information about CVE-2019-3774 on the Pivotal Software and Red Hat websites using the provided references.