PT-2012-1581 · Red Hat+1 · Jboss Enterprise Portal Platform+3

David Jorm · Published 2012-11-23 · Updated 2023-02-13 · CVE-2011-2908

CVSS v2.0: 6.0 (Medium)

Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

JBoss Enterprise Portal Platform versions prior to 5.2.2
BRMS Platform 5.3.0 before roll up patch 1
SOA Platform 5.3.0 before roll up patch 1

Description

A cross-site request forgery (CSRF) issue exists in the JMX Console, allowing remote authenticated users to hijack the authentication of arbitrary users for requests that perform operations on MBeans and possibly execute arbitrary code.

Recommendations

For JBoss Enterprise Portal Platform versions prior to 5.2.2, update to version 5.2.2 or later.
For BRMS Platform 5.3.0, apply roll up patch 1 or later.
For SOA Platform 5.3.0, apply roll up patch 1 or later.

Fix

CSRF

Weakness Enumeration

Related Identifiers

CVE-2011-2908
RHSA-2013:0191
RHSA-2013:0192
RHSA-2013:0193
RHSA-2013:0195
RHSA-2013:0196
RHSA-2013:0197

Affected Products

Brms Platform
Jboss Enterprise Portal Platform
Jmx Console
Soa Platform