CVE-2018-8031

Name of the Vulnerable Software and Affected Versions: Apache TomEE versions prior to 7.0.5

Description: The Apache TomEE console has a XSS issue that could allow javascript to be executed if a user is given a malicious URL. This web application is used to add TomEE features to a Tomcat installation. The issue can be exploited when a malicious URL is provided to the user.

Recommendations: For versions prior to 7.0.5, upgrade to TomEE 7.0.5 to resolve the issue. As a temporary workaround, consider removing the tomee-webapp application after TomEE is setup, or use one of the provided pre-configured bundles to minimize the risk of exploitation.