What is CVE-2014-0120?

CVE-2014-0120 is a high-severity vulnerability in Hawt Hawtio, classified under Cross-Site Request Forgery (CSRF). CVSS score: 8.8/10. Published 2017-12-29.

How severe is CVE-2014-0120?

High severity. CVSS v3 base score is 8.8 out of 10.

CSRF in Hawt Hawtio

CVE-2014-0120

Cross-site request forgery (CSRF) vulnerability in the admin terminal in Hawt.io allows remote attackers to hijack the authentication of arbitrary users for requests that run commands on the Karaf server, as demonstrated by running "shutdo…

Vulnerability class: CSRF (Cross-Site Request Forgery)

EPSS: 0.001 (28.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H.

Affected products

Hawt Hawtio
Redhat Jboss_fuse — versions 6.1.0
N/a — versions n/a

Weakness classification (CWE)

CWE-352 — Cross-Site Request Forgery (CSRF)

References

secalert@redhat.com (Third Party Advisory, x_refsource_MISC, Issue Tracking)
secalert@redhat.com (x_refsource_CONFIRM, Patch, Third Party Advisory, Issue Tracking)
secalert@redhat.com (x_refsource_CONFIRM, Patch, Third Party Advisory, Issue Tracking)

Frequently asked questions

What is CVE-2014-0120?: CVE-2014-0120 is a high-severity vulnerability in Hawt Hawtio, classified under Cross-Site Request Forgery (CSRF). CVSS score: 8.8/10. Published 2017-12-29.
How severe is CVE-2014-0120?: High severity. CVSS v3 base score is 8.8 out of 10.