CVE-2011-2908
CSRF on jmx-console allows invocation of operations on mbeans
Severity Score
6.0
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Cross-site request forgery (CSRF) vulnerability in the JMX Console (jmx-console) in JBoss Enterprise Portal Platform before 5.2.2, BRMS Platform 5.3.0 before roll up patch1, and SOA Platform 5.3.0 allows remote authenticated users to hijack the authentication of arbitrary users for requests that perform operations on MBeans and possibly execute arbitrary code via unspecified vectors.
Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en JMX Console (jmx-console) en JBoss Enterprise Portal Platform anterior a v5.2.2, BRMS Platform v5.3.0 anterior a roll up patch1, y SOA Platform v5.3.0, permite a atacantes remotos autenticados secuestrar la autenticación de usuarios arbitrarios para solicitudes que lleven a cabo operaciones en MBeans y posiblemente ejecutar código arbitrario mediante vectores desconocidos.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2011-07-27 CVE Reserved
- 2012-08-09 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-352: Cross-Site Request Forgery (CSRF)
CAPEC
References (19)
| URL | Tag | Source |
|---|---|---|
| http://secunia.com/advisories/51984 | Third Party Advisory | |
| http://www.osvdb.org/84530 | Vdb Entry | |
| http://www.securityfocus.com/bid/54915 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/77549 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://rhn.redhat.com/errata/RHSA-2012-1152.html | 2023-02-13 | |
| http://rhn.redhat.com/errata/RHSA-2012-1165.html | 2023-02-13 | |
| http://rhn.redhat.com/errata/RHSA-2012-1232.html | 2023-02-13 | |
| http://rhn.redhat.com/errata/RHSA-2013-0191.html | 2023-02-13 | |
| http://rhn.redhat.com/errata/RHSA-2013-0192.html | 2023-02-13 | |
| http://rhn.redhat.com/errata/RHSA-2013-0193.html | 2023-02-13 | |
| http://rhn.redhat.com/errata/RHSA-2013-0194.html | 2023-02-13 | |
| http://rhn.redhat.com/errata/RHSA-2013-0195.html | 2023-02-13 | |
| http://rhn.redhat.com/errata/RHSA-2013-0196.html | 2023-02-13 | |
| http://rhn.redhat.com/errata/RHSA-2013-0197.html | 2023-02-13 | |
| http://rhn.redhat.com/errata/RHSA-2013-0198.html | 2023-02-13 | |
| http://secunia.com/advisories/50230 | 2023-02-13 | |
| http://secunia.com/advisories/50549 | 2023-02-13 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=730176 | 2013-01-24 | |
| https://access.redhat.com/security/cve/CVE-2011-2908 | 2013-01-24 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Redhat Search vendor "Redhat" | Jboss Enterprise Brms Platform Search vendor "Redhat" for product "Jboss Enterprise Brms Platform" | 5.3.0 Search vendor "Redhat" for product "Jboss Enterprise Brms Platform" and version "5.3.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Jboss Enterprise Portal Platform Search vendor "Redhat" for product "Jboss Enterprise Portal Platform" | <= 5.2.1 Search vendor "Redhat" for product "Jboss Enterprise Portal Platform" and version " <= 5.2.1" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Jboss Enterprise Portal Platform Search vendor "Redhat" for product "Jboss Enterprise Portal Platform" | 5.0.0 Search vendor "Redhat" for product "Jboss Enterprise Portal Platform" and version "5.0.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Jboss Enterprise Portal Platform Search vendor "Redhat" for product "Jboss Enterprise Portal Platform" | 5.0.1 Search vendor "Redhat" for product "Jboss Enterprise Portal Platform" and version "5.0.1" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Jboss Enterprise Portal Platform Search vendor "Redhat" for product "Jboss Enterprise Portal Platform" | 5.1.0 Search vendor "Redhat" for product "Jboss Enterprise Portal Platform" and version "5.1.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Jboss Enterprise Portal Platform Search vendor "Redhat" for product "Jboss Enterprise Portal Platform" | 5.1.1 Search vendor "Redhat" for product "Jboss Enterprise Portal Platform" and version "5.1.1" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Jboss Enterprise Portal Platform Search vendor "Redhat" for product "Jboss Enterprise Portal Platform" | 5.2.0 Search vendor "Redhat" for product "Jboss Enterprise Portal Platform" and version "5.2.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Jboss Enterprise Soa Platform Search vendor "Redhat" for product "Jboss Enterprise Soa Platform" | 5.3.0 Search vendor "Redhat" for product "Jboss Enterprise Soa Platform" and version "5.3.0" | - |
Affected
| ||||||