PT-2012-1581 · Red Hat+1 · JBoss Enterprise Portal Platform+3

David Jorm · Published 2012-11-23 · Updated 2023-02-13 · CVE-2011-2908

CVSS v2.0: 6.0 (Medium)

Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

JBoss Enterprise Portal Platform versions prior to 5.2.2
BRMS Platform 5.3.0 before roll up patch 1
SOA Platform 5.3.0 before roll up patch 1

Description

A cross-site request forgery (CSRF) issue exists in the JMX Console, allowing remote authenticated users to hijack the authentication of arbitrary users for requests that perform operations on MBeans and possibly execute arbitrary code.

Recommendations

For JBoss Enterprise Portal Platform versions prior to 5.2.2, update to version 5.2.2 or later.
For BRMS Platform 5.3.0, apply roll up patch 1 or later.
For SOA Platform 5.3.0, apply roll up patch 1 or later.

Fix

CSRF


Weakness Enumeration

Related Identifiers

CVE-2011-2908
RHSA-2013:0191
RHSA-2013:0192
RHSA-2013:0193
RHSA-2013:0195
RHSA-2013:0196
RHSA-2013:0197

Affected Products

BRMS Platform
JBoss Enterprise Portal Platform
JMX Console
SOA Platform