
CVSS: 8.8 EPSS: 2% CPEs: 2 EXPL: 0

01 Aug 2019 — A flaw was found in Jolokia versions from 1.2 to before 1.6.1. Affected versions are vulnerable to a system-wide CSRF. This holds true for properly configured instances with strict checking for origin and referrer headers. This could result in a Remote Code Execution attack. • https://access.redhat.com/errata/RHSA-2019:2413 • CWE-20: Improper Input Validation • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 6.8 EPSS: 0% CPEs: 14 EXPL: 1

02 Oct 2014 — Cross-site request forgery (CSRF) vulnerability in Jolokia before 1.2.1 allows remote attackers to hijack the authentication of users for requests that execute MBeans methods via a crafted web page. It was found that Jolokia was vulnerable to Cross-Site Request Forgery (CSRF) attacks. A remote attacker could... • http://rhn.redhat.com/errata/RHSA-2014-1351.html • CWE-352: Cross-Site Request Forgery (CSRF)