CVE-2012-3532

CWE-352 — Cross-Site Request Forgery (CSRF)5 documents5 sources

Severity

6.8MEDIUM

EPSS

0.1%

top 65.53%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Jboss Enterprise Portal Platform

Timeline

PublishedApr 12

Latest updateMay 17

Description

Cross-site request forgery (CSRF) vulnerability in the GateIn Portal component in JBoss Enterprise Portal Platform 5.2.2 and earlier allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

▶NVDredhat/jboss_enterprise_portal_platform5.2.2+7

🔴Vulnerability Details

GHSA

GHSA-fpcp-pjgq-5rf9: Cross-site request forgery (CSRF) vulnerability in the GateIn Portal component in JBoss Enterprise Portal Platform 5↗2022-05-17

▶

CVEList

CVE-2012-3532: Cross-site request forgery (CSRF) vulnerability in the GateIn Portal component in JBoss Enterprise Portal Platform 5↗2013-04-12

▶

📋Vendor Advisories

Red Hat

Portal: Cross Site Request Forgery↗2013-04-10

▶

💬Community

Bugzilla

CVE-2012-3532 GateIn Portal: Cross Site Request Forgery↗2012-08-23

▶