6
CVE-2011-2908
- EPSS 1.57%
- Veröffentlicht 23.11.2012 20:55:01
- Zuletzt bearbeitet 16.06.2026 23:32:13
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
Cross-site request forgery (CSRF) vulnerability in the JMX Console (jmx-console) in JBoss Enterprise Portal Platform before 5.2.2, BRMS Platform 5.3.0 before roll up patch1, and SOA Platform 5.3.0 allows remote authenticated users to hijack the authentication of arbitrary users for requests that perform operations on MBeans and possibly execute arbitrary code via unspecified vectors.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Redhat ≫ Jboss Enterprise Brms Platform Version5.3.0
Redhat ≫ Jboss Enterprise Portal Platform Version <= 5.2.1
Redhat ≫ Jboss Enterprise Portal Platform Version5.0.0
Redhat ≫ Jboss Enterprise Portal Platform Version5.0.1
Redhat ≫ Jboss Enterprise Portal Platform Version5.1.0
Redhat ≫ Jboss Enterprise Portal Platform Version5.1.1
Redhat ≫ Jboss Enterprise Portal Platform Version5.2.0
Redhat ≫ Jboss Enterprise Soa Platform Version5.3.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.57% | 0.721 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6 | 6.8 | 6.4 |
AV:N/AC:M/Au:S/C:P/I:P/A:P
|
CWE-352 Cross-Site Request Forgery (CSRF)
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
http://rhn.redhat.com/errata/RHSA-2012-1232.html
http://secunia.com/advisories/50549
http://rhn.redhat.com/errata/RHSA-2013-0191.html
http://rhn.redhat.com/errata/RHSA-2013-0192.html
http://rhn.redhat.com/errata/RHSA-2013-0193.html
http://rhn.redhat.com/errata/RHSA-2013-0194.html
http://rhn.redhat.com/errata/RHSA-2013-0195.html
http://rhn.redhat.com/errata/RHSA-2013-0196.html
http://rhn.redhat.com/errata/RHSA-2013-0197.html
http://rhn.redhat.com/errata/RHSA-2013-0198.html
http://secunia.com/advisories/51984
http://rhn.redhat.com/errata/RHSA-2012-1152.html
http://rhn.redhat.com/errata/RHSA-2012-1165.html
http://secunia.com/advisories/50230
http://www.osvdb.org/84530
http://www.securityfocus.com/bid/54915
https://bugzilla.redhat.com/show_bug.cgi?id=730176
https://exchange.xforce.ibmcloud.com/vulnerabilities/77549