CSRF in Redhat Jboss_enterprise_brms_platform

CVE-2011-2908

Cross-site request forgery (CSRF) vulnerability in the JMX Console (jmx-console) in JBoss Enterprise Portal Platform before 5.2.2, BRMS Platform 5.3.0 before roll up patch1, and SOA Platform 5.3.0 allows remote authenticated users to hijac…

Vulnerability class: CSRF (Cross-Site Request Forgery)

EPSS: 0.007 (72.8th percentile) — read the EPSS interpretation.

Affected products

Redhat Jboss_enterprise_brms_platform — versions 5.3.0
Redhat Jboss_enterprise_portal_platform — versions 5.0.0, 5.0.1, 5.1.0
Redhat Jboss_enterprise_soa_platform — versions 5.3.0
N/a — versions n/a

Weakness classification (CWE)

CWE-352 — Cross-Site Request Forgery (CSRF)

References

RHSA-2012:1165 (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)
54915 (vdb-entry, x_refsource_BID)
jboss-jmx-console-csrf(77549) (vdb-entry, x_refsource_XF)
50230 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
RHSA-2013:0192 (x_refsource_REDHAT, vendor-advisory)
RHSA-2013:0198 (x_refsource_REDHAT, vendor-advisory)
RHSA-2012:1152 (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)
RHSA-2013:0195 (x_refsource_REDHAT, vendor-advisory)
RHSA-2013:0196 (x_refsource_REDHAT, vendor-advisory)
RHSA-2013:0193 (x_refsource_REDHAT, vendor-advisory)