VDB
CVE-2018-10899
CVE-2018-10899
PUBLISHED
CVSS 8.100000381469727 HIGH
Cross-Site Request Forgery in Jolokia
EPSS 2.09% · 84.4th percentile
Risk Scores
CVSS 3.0
8.100000381469727
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
2.09%
84.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Maven | org.jolokia:jolokia-core | 1.2 |
| jolokia | jolokia | 1.6.1, 1.2.0 |
| redhat | openstack | 13 |
Exploit Intelligence
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10899 (circl)
- https://jolokia.org/changes-report.html#a1.6.1 (circl)
- RHSA-2019:2413 (circl)
- RHSA-2019:2804 (circl)
- [activemq-issues] 20200102 [jira] [Created] (AMQ-7373) jolokia-core-1.6.0.jar is vulnerable to CVE-2018-10899 (circl)
- [activemq-issues] 20200120 [jira] [Work logged] (AMQ-7373) jolokia-core-1.6.0.jar is vulnerable to CVE-2018-10899 (circl)
- [activemq-issues] 20200122 [jira] [Updated] (AMQ-7373) jolokia-core-1.6.0.jar is vulnerable to CVE-2018-10899 (circl)
- [activemq-issues] 20200122 [jira] [Assigned] (AMQ-7373) jolokia-core-1.6.0.jar is vulnerable to CVE-2018-10899 (circl)
- [activemq-issues] 20200122 [jira] [Commented] (AMQ-7373) jolokia-core-1.6.0.jar is vulnerable to CVE-2018-10899 (circl)
- [activemq-issues] 20200122 [jira] [Work logged] (AMQ-7373) jolokia-core-1.6.0.jar is vulnerable to CVE-2018-10899 (circl)
…and 1 more exploits
Timeline
- Aug 1, 2019 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- May 2, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 5, 2022 EPSS Score
- Jan 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10899 url
- https://jolokia.org/changes-report.html#a1.6.1 url
- RHSA-2019:2413 vendor-advisory
- RHSA-2019:2804 vendor-advisory
- [activemq-issues] 20200102 [jira] [Created] (AMQ-7373) jolokia-core-1.6.0.jar is vulnerable to CVE-2018-10899 mailing-list
- [activemq-issues] 20200120 [jira] [Work logged] (AMQ-7373) jolokia-core-1.6.0.jar is vulnerable to CVE-2018-10899 mailing-list
- [activemq-issues] 20200122 [jira] [Updated] (AMQ-7373) jolokia-core-1.6.0.jar is vulnerable to CVE-2018-10899 mailing-list
- [activemq-issues] 20200122 [jira] [Assigned] (AMQ-7373) jolokia-core-1.6.0.jar is vulnerable to CVE-2018-10899 mailing-list
- [activemq-issues] 20200122 [jira] [Commented] (AMQ-7373) jolokia-core-1.6.0.jar is vulnerable to CVE-2018-10899 mailing-list
- [activemq-issues] 20200122 [jira] [Work logged] (AMQ-7373) jolokia-core-1.6.0.jar is vulnerable to CVE-2018-10899 mailing-list
- [activemq-issues] 20200122 [jira] [Resolved] (AMQ-7373) jolokia-core-1.6.0.jar is vulnerable to CVE-2018-10899 mailing-list
- https://nvd.nist.gov/vuln/detail/CVE-2018-10899 advisory
- https://lists.apache.org/thread.html/1392fbebb4fbbec379a40d16e1288fe1e4c0289d257e5206051a3793@%3Cissues.activemq.apache.org%3E url
- https://lists.apache.org/thread.html/r46f6dbc029f49e1f638c6eb82accb94b7f990d818cb3b3bc0007dd0a@%3Cissues.activemq.apache.org%3E url
- https://lists.apache.org/thread.html/r64701caec91c43efd7416d6bddef88447371101e00e8562741ede262@%3Cissues.activemq.apache.org%3E url
- https://lists.apache.org/thread.html/r67cdc50af9caf89c9ebe1bde08393a343dcd89edba1c63677f68f43b@%3Cissues.activemq.apache.org%3E url
- https://lists.apache.org/thread.html/rc169dac018d07e8ddf2a3bb2fd1efc6cbda4f83f1bbf7a8c798e7f4f@%3Cissues.activemq.apache.org%3E url
- https://lists.apache.org/thread.html/rdb0a59d7851e721b75beea13d6488e345a3e2735838e89d9269d7d32@%3Cissues.activemq.apache.org%3E url
- https://lists.apache.org/thread.html/rf33ffbba619a4281ce592a6ed259c07a557aefb4975619d83c4122ea@%3Cissues.activemq.apache.org%3E url