CVE-2011-2908 — Vulnetix

CVE-2011-2908 PUBLISHED CVSS 6 MEDIUM

Cross-site request forgery (CSRF) vulnerability in the JMX Console (jmx-console) in JBoss Enterprise Portal Platform before 5.2.2, BRMS Platform 5.3.0 before roll up patch1, and SOA Platform 5.3.0 allows remote authenticated users to hijack the authentication of arbitrary users for requests that perform operations on MBeans and possibly execute arbitrary code via unspecified vectors.

EPSS 0.72% · 72.8th percentile

Risk Scores

CVSS 2.0

EPSS Score

0.72%

72.8th percentile

Affected Products

Vendor	Product	Versions
redhat	jboss_enterprise_brms_platform	5.3.0
redhat	jboss_enterprise_portal_platform	5.0.1, 5.1.0, 5.1.1
n/a	n/a	n/a
redhat	jboss_enterprise_soa_platform	5.3.0

Exploit Intelligence

…and 8 more exploits

Timeline

Nov 23, 2012 CVE Published
Feb 4, 2022 EPSS Score
Mar 29, 2022 EPSS Score
May 20, 2022 EPSS Score
Jul 12, 2022 EPSS Score
Sep 4, 2022 EPSS Score
Oct 26, 2022 EPSS Score
Dec 18, 2022 EPSS Score
Feb 9, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Apr 2, 2023 EPSS Score
May 25, 2023 EPSS Score

References

http://secunia.com/advisories/50549 advisory
RHSA-2012:1165 vendor-advisory
54915 vdb
jboss-jmx-console-csrf(77549) vdb
50230 third-party-advisory
RHSA-2013:0192 vendor-advisory
RHSA-2013:0198 vendor-advisory
RHSA-2012:1152 vendor-advisory
RHSA-2013:0195 vendor-advisory
RHSA-2013:0196 vendor-advisory
RHSA-2013:0193 vendor-advisory
51984 third-party-advisory
https://bugzilla.redhat.com/show_bug.cgi?id=730176 url
RHSA-2013:0191 vendor-advisory
RHSA-2012:1232 vendor-advisory
RHSA-2013:0197 vendor-advisory
RHSA-2013:0194 vendor-advisory
84530 vdb
https://nvd.nist.gov/vuln/detail/CVE-2011-2908 advisory
https://access.redhat.com/errata/RHSA-2012:1152 url

…and 11 more

Open in Interactive Console →