CVE-2011-2908 — Vulnetix

Try Vulnetix Request Demo

CVE-2011-2908 PUBLISHED CVSS 6 MEDIUM

Cross-site request forgery (CSRF) vulnerability in the JMX Console (jmx-console) in JBoss Enterprise Portal Platform before 5.2.2, BRMS Platform 5.3.0 before roll up patch1, and SOA Platform 5.3.0 allows remote authenticated users to hijack the authentication of arbitrary users for requests that perform operations on MBeans and possibly execute arbitrary code via unspecified vectors.

EPSS 0.72% · 72.3th percentile

Risk Scores

CVSS v2.0

6

EPSS Score

0.72%

72.3th percentile

Affected Products

Vendor	Product	Versions
redhat	jboss_enterprise_brms_platform	5.3.0
redhat	jboss_enterprise_portal_platform	0, 5.0.0, 5.0.1
n/a	n/a	n/a
redhat	jboss_enterprise_soa_platform	5.3.0

Timeline

Nov 23, 2012 CVE Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
May 19, 2022 EPSS Score
Jul 10, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Feb 4, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 28, 2023 EPSS Score
May 19, 2023 EPSS Score

References

http://secunia.com/advisories/50549 advisory
RHSA-2012:1165 vendor-advisory
54915 vdb
jboss-jmx-console-csrf(77549) vdb
50230 third-party-advisory
RHSA-2013:0192 vendor-advisory
RHSA-2013:0198 vendor-advisory
RHSA-2012:1152 vendor-advisory
RHSA-2013:0195 vendor-advisory
RHSA-2013:0196 vendor-advisory
RHSA-2013:0193 vendor-advisory
51984 third-party-advisory
https://bugzilla.redhat.com/show_bug.cgi?id=730176 url
RHSA-2013:0191 vendor-advisory
RHSA-2012:1232 vendor-advisory
RHSA-2013:0197 vendor-advisory
RHSA-2013:0194 vendor-advisory
84530 vdb
https://nvd.nist.gov/vuln/detail/CVE-2011-2908 advisory
https://access.redhat.com/errata/RHSA-2012:1152 url

…and 11 more

Open in Interactive Console →