Hi, anyone else seeing false detections of Pivotal Software Spring Data Commons: CVE-2018-1273 ?
We got some of these and opened a case with support because the CVE detection logic seems faulty. We have re-checked this with custom python PoC’s and burp payloads and they show assets as non-vulnerable whereas Rapid7 IVM shows them as vulnerable.
1 Like
We also received few alerts related to application such as Splunk, Nagios, and Cisco ISE. We suspected it was a false positive as the systems are still the same for a while, and only now it was reported. Watching the tread to see if this gets fixed.
We are aware of this and are in the process of investigating this check logic.
We will provide an update when we have more information.
If you haven’t yet, could you please log a support case, and reference this thread for support
1 Like
Any update on the closure of this item?