CVE-2011-2908

Sažetak

Cross-site request forgery (CSRF) vulnerability in the JMX Console (jmx-console) in JBoss Enterprise Portal Platform before 5.2.2, BRMS Platform 5.3.0 before roll up patch1, and SOA Platform 5.3.0 allows remote authenticated users to hijack the authentication of arbitrary users for requests that perform operations on MBeans and possibly execute arbitrary code via unspecified vectors.

Reference

http://rhn.redhat.com/errata/RHSA-2012-1165.html
http://secunia.com/advisories/50549
http://rhn.redhat.com/errata/RHSA-2012-1232.html
http://www.securityfocus.com/bid/54915
http://www.osvdb.org/84530
https://bugzilla.redhat.com/show_bug.cgi?id=730176
http://rhn.redhat.com/errata/RHSA-2012-1152.html
http://secunia.com/advisories/50230
http://rhn.redhat.com/errata/RHSA-2013-0194.html
http://secunia.com/advisories/51984
http://rhn.redhat.com/errata/RHSA-2013-0195.html
http://rhn.redhat.com/errata/RHSA-2013-0198.html
http://rhn.redhat.com/errata/RHSA-2013-0197.html
http://rhn.redhat.com/errata/RHSA-2013-0196.html
http://rhn.redhat.com/errata/RHSA-2013-0191.html
http://rhn.redhat.com/errata/RHSA-2013-0193.html
http://rhn.redhat.com/errata/RHSA-2013-0192.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/77549

CVSS

Base:	6.0
Impact:	6.4
Exploitability:	6.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:M/Au:S/C:P/I:P/A:P

Zadnje važnije ažuriranje

13-02-2023 - 04:32

Objavljeno

23-11-2012 - 20:55