CVE-2018-1000129

moderate-risk
Published 2018-03-14

An XSS vulnerability exists in the Jolokia agent version 1.3.7 in the HTTP servlet that allows an attacker to execute malicious javascript in the victim's browser.

Do I need to act?

!
76.8% chance of exploitation in next 30 days
EPSS score — higher than 23% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.1/10 Medium
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Jolokia

References (8)

Third Party Advisory https://access.redhat.com/errata/RHSA-2018:2669
Third Party Advisory https://access.redhat.com/errata/RHSA-2018:3817
Patch https://github.com/rhuss/jolokia/commit/5895d5c137c335e6b473e9dcb9baf748851bbc5f...
Vendor Advisory https://jolokia.org/#Security_fixes_with_1.5.0
Third Party Advisory https://access.redhat.com/errata/RHSA-2018:2669
Third Party Advisory https://access.redhat.com/errata/RHSA-2018:3817
Patch https://github.com/rhuss/jolokia/commit/5895d5c137c335e6b473e9dcb9baf748851bbc5f...
Vendor Advisory https://jolokia.org/#Security_fixes_with_1.5.0
48
/ 100
moderate-risk
Severity 23/34 · High
Exploitability 20/34 · Moderate
Exposure 5/34 · Minimal