6.8
CVE-2012-3532
- EPSS 0.66%
- Veröffentlicht 12.04.2013 22:55:00
- Zuletzt bearbeitet 29.04.2026 01:13:23
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
Cross-site request forgery (CSRF) vulnerability in the GateIn Portal component in JBoss Enterprise Portal Platform 5.2.2 and earlier allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Redhat ≫ Jboss Enterprise Portal Platform Version <= 5.2.2
Redhat ≫ Jboss Enterprise Portal Platform Version4.3.0
Redhat ≫ Jboss Enterprise Portal Platform Version5.0.0
Redhat ≫ Jboss Enterprise Portal Platform Version5.0.1
Redhat ≫ Jboss Enterprise Portal Platform Version5.1.0
Redhat ≫ Jboss Enterprise Portal Platform Version5.1.1
Redhat ≫ Jboss Enterprise Portal Platform Version5.2.0
Redhat ≫ Jboss Enterprise Portal Platform Version5.2.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.66% | 0.466 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
CWE-352 Cross-Site Request Forgery (CSRF)
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
http://rhn.redhat.com/errata/RHSA-2013-0733.html
http://secunia.com/advisories/53005
http://www.securityfocus.com/bid/59015
https://bugzilla.redhat.com/show_bug.cgi?id=851046