CVE-2011-2908

high

Description

Cross-site request forgery (CSRF) vulnerability in the JMX Console (jmx-console) in JBoss Enterprise Portal Platform before 5.2.2, BRMS Platform 5.3.0 before roll up patch1, and SOA Platform 5.3.0 allows remote authenticated users to hijack the authentication of arbitrary users for requests that perform operations on MBeans and possibly execute arbitrary code via unspecified vectors.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/77549

https://bugzilla.redhat.com/show_bug.cgi?id=730176

http://www.securityfocus.com/bid/54915

http://www.osvdb.org/84530

http://secunia.com/advisories/51984

http://secunia.com/advisories/50549

http://secunia.com/advisories/50230

http://rhn.redhat.com/errata/RHSA-2013-0198.html

http://rhn.redhat.com/errata/RHSA-2013-0197.html

http://rhn.redhat.com/errata/RHSA-2013-0196.html

http://rhn.redhat.com/errata/RHSA-2013-0195.html

http://rhn.redhat.com/errata/RHSA-2013-0194.html

http://rhn.redhat.com/errata/RHSA-2013-0193.html

http://rhn.redhat.com/errata/RHSA-2013-0192.html

http://rhn.redhat.com/errata/RHSA-2013-0191.html

http://rhn.redhat.com/errata/RHSA-2012-1232.html

http://rhn.redhat.com/errata/RHSA-2012-1165.html

http://rhn.redhat.com/errata/RHSA-2012-1152.html

Details

Source: Mitre, NVD

Published: 2012-11-23

Updated: 2023-02-13

Risk Information

CVSS v2

Base Score: 6

Vector: CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 8

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Severity: High