CVE-2011-2908

CWE-352 — Cross-Site Request Forgery (CSRF)6 documents6 sources

Severity

6.0MEDIUM

EPSS

0.7%

top 27.57%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Jboss Enterprise Portal Platform Redhat Jboss Enterprise Brms Platform Redhat Jboss Enterprise SOA Platform

Timeline

PublishedNov 23

Latest updateMay 17

Description

Cross-site request forgery (CSRF) vulnerability in the JMX Console (jmx-console) in JBoss Enterprise Portal Platform before 5.2.2, BRMS Platform 5.3.0 before roll up patch1, and SOA Platform 5.3.0 allows remote authenticated users to hijack the authentication of arbitrary users for requests that perform operations on MBeans and possibly execute arbitrary code via unspecified vectors.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 6.8 | Impact: 6.4

Affected Packages3 packages

▶NVDredhat/jboss_enterprise_portal_platform5.2.1+5

▶NVDredhat/jboss_enterprise_brms_platform5.3.0

▶NVDredhat/jboss_enterprise_soa_platform5.3.0

🔴Vulnerability Details

GHSA

GHSA-x3w9-v829-qphw: Cross-site request forgery (CSRF) vulnerability in the JMX Console (jmx-console) in JBoss Enterprise Portal Platform before 5↗2022-05-17

▶

CVEList

CVE-2011-2908: Cross-site request forgery (CSRF) vulnerability in the JMX Console (jmx-console) in JBoss Enterprise Portal Platform before 5↗2012-11-23

▶

VulnCheck

Red Hat jboss_enterprise_brms_platform Cross-Site Request Forgery (CSRF)↗2011

▶

📋Vendor Advisories

Red Hat

CSRF on jmx-console allows invocation of operations on mbeans↗2007-02-22

▶

💬Community

Bugzilla

CVE-2011-2908 CSRF on jmx-console allows invocation of operations on mbeans↗2011-08-12

▶